CVE-2025-38382
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-12-16
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.1.57 (inc) to 6.1.144 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.97 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.37 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.6 (exc) |
| linux | linux_kernel | 6.16 |
| debian | debian_linux | 11.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-908 | The product uses or accesses a resource that has not been initialized. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's btrfs filesystem during the iteration of extended references (extrefs) in log replay. Specifically, in the function __inode_add_ref(), an uninitialized variable victim_name.len is used due to a jump in the code flow before it is set. This leads to invalid memory access during the next loop iteration because victim_name.len does not hold the correct length of the current extref's name. The issue is fixed by properly initializing victim_name.len with the current extref's name length.
How can this vulnerability impact me?
This vulnerability can cause invalid memory access in the Linux kernel when processing btrfs extrefs, which may lead to kernel crashes or instability. Such behavior could potentially be exploited to cause denial of service or other unintended effects on systems running an affected kernel version.