Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-70100

CVE-2025-70100: lwext4 Library Divide-by-Zero DoS Flaw

CVE-2025-70100 is a divide-by-zero vulnerability in lwext4 1.0.0 library that enables attackers to trigger denial of service via malformed ext4 images. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2025-70100 Overview

CVE-2025-70100 is a divide-by-zero vulnerability in the ext4_block_set_lb_size function located in src/ext4_blockdev.c of the lwext4 1.0.0 library. The flaw allows a local attacker to trigger a denial of service by supplying a malformed ext4 filesystem image that results in a zero logical block size. The condition is reached during mount or image processing operations and leads to a Floating-Point Exception (FPE) under sanitizer builds or a runtime crash in standard builds. The library does not validate lb_size before using it as a divisor, making the failure path reachable through untrusted filesystem images. The weakness is classified under [CWE-369: Divide By Zero].

Critical Impact

A crafted ext4 image processed by lwext4 1.0.0 causes the consuming application or embedded system to crash, resulting in availability loss for any service relying on the library.

Affected Products

  • lwext4 library version 1.0.0
  • Applications and firmware that embed lwext4 for ext4 filesystem parsing or mounting
  • Embedded and IoT systems using lwext4 to handle untrusted filesystem images

Discovery Timeline

  • 2026-06-03 - CVE-2025-70100 published to NVD
  • 2026-06-03 - Last updated in NVD database

Technical Details for CVE-2025-70100

Vulnerability Analysis

The vulnerability resides in ext4_block_set_lb_size within src/ext4_blockdev.c. The function accepts a logical block size value derived from the ext4 superblock without sanity checking. When that value is zero, subsequent arithmetic operations divide by lb_size, producing an undefined arithmetic condition. Under sanitizer-instrumented builds, the operation raises a Floating-Point Exception. In standard release builds, the CPU raises a divide-by-zero hardware exception, terminating the process. The attack requires local interaction such as mounting or otherwise processing a malicious image, which aligns with the local attack vector and user-interaction requirement reported for this issue.

Root Cause

The root cause is missing input validation. The lwext4 1.0.0 codebase does not verify that the logical block size parsed from the supplied ext4 image is non-zero before using it as a divisor. Any attacker-controlled image with a zeroed block size field reaches the unguarded division operation.

Attack Vector

An attacker crafts a malformed ext4 filesystem image containing a zero logical block size and delivers it to a victim system that uses lwext4 to mount or parse the image. Processing the image triggers the divide-by-zero condition and terminates the consumer. The attack does not require privileges but does require the victim to load the supplied image.

No verified exploit code is published. See the GitHub Issue Report and the GitHub PoC Code for the original technical details.

Detection Methods for CVE-2025-70100

Indicators of Compromise

  • Repeated process crashes or SIGFPE signals in applications that invoke lwext4 mount or image-processing routines.
  • Core dumps referencing ext4_block_set_lb_size or src/ext4_blockdev.c in the faulting frame.
  • Unexpected termination of embedded services immediately after handling an externally supplied ext4 image.

Detection Strategies

  • Inventory binaries and firmware images that statically or dynamically link against lwext4 1.0.0.
  • Inspect ext4 images at ingestion points and reject those whose superblock declares a zero or otherwise invalid logical block size.
  • Run lwext4 consumers under sanitizers in CI to surface the Floating-Point Exception during fuzzing of ext4 inputs.

Monitoring Recommendations

  • Alert on SIGFPE termination signals and abnormal exit codes from processes that handle filesystem images.
  • Monitor systemd, watchdog, or supervisor logs for repeated restarts of services that mount user-supplied images.
  • Track ingestion of ext4 images from untrusted sources and correlate with subsequent process failures.

How to Mitigate CVE-2025-70100

Immediate Actions Required

  • Restrict lwext4-based services from processing ext4 images supplied by untrusted users or external sources.
  • Add a pre-validation step that parses the ext4 superblock and rejects images with a zero logical block size before invoking lwext4.
  • Rebuild affected applications with a patched lwext4 once an upstream fix is available, and track the GitHub Issue Report for status.

Patch Information

No vendor-released patch is referenced in the available CVE data. Maintainers and downstream integrators should apply a guard in ext4_block_set_lb_size that returns an error when lb_size is zero, and rebuild dependent firmware and applications. Monitor the upstream lwext4 repository for an official fix.

Workarounds

  • Add a local patch to src/ext4_blockdev.c that validates lb_size != 0 before any division operation and propagates an error to the caller.
  • Sandbox or isolate processes that mount ext4 images so a crash does not impact the host or other services.
  • Disable automatic mounting of user-provided ext4 images and require administrator review before processing.
bash
# Configuration example: reject ext4 images with zero block size before handing to lwext4
# Pseudocode for an ingestion guard
if [ "$(read_superblock_block_size "$IMAGE")" -eq 0 ]; then
  echo "Rejecting malformed ext4 image: zero logical block size" >&2
  exit 1
fi

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.