CVE-2025-38204
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 5.4.295 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.239 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.186 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.15.4 (exc) |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an array-index-out-of-bounds read in the Linux kernel's JFS (Journaled File System) component, specifically in the add_missing_indices function. The issue arises because the variable 'stbl' is defined as a signed 8-bit integer (s8), but it is used to hold offsets that can range from 0 to 127, which can cause out-of-bounds access. The fix involved adding a boundary check to prevent this error and returning an error code (-EIO) if the check fails. Additionally, the jfs_readdir function was modified to return an error if add_missing_indices fails.
How can this vulnerability impact me? :
This vulnerability could lead to improper memory access in the Linux kernel's JFS file system, potentially causing system instability, crashes, or data corruption when reading directories. It may also allow attackers to exploit the kernel by triggering this out-of-bounds read, which could lead to denial of service or other unintended behavior.