CVE-2025-38579
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153-1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's f2fs filesystem involves the use of uninitialized values in the extent_info structure. Specifically, the function get_read_extent_info initializes only some fields of extent_info, leaving others uninitialized. When these uninitialized fields are accessed later during extent merging operations, it causes undefined behavior. The issue was detected by KMSAN (Kernel Memory Sanitizer) and fixed by zero-initializing the entire extent_info structure before use.
How can this vulnerability impact me? :
The vulnerability can lead to undefined behavior in the Linux kernel when handling filesystem extent merging in f2fs. This could potentially cause system instability, crashes, or data corruption due to the use of uninitialized memory values.