CVE-2025-38652
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 5.10.244 |
| linux | linux_kernel | 6.1.153 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-boundary access issue in the Linux kernel's f2fs filesystem code. Specifically, when the device path length equals MAX_PATH_LEN, the path array is fully filled without a null terminator, causing subsequent fields in memory to be mistakenly treated as part of the device path. This leads to incorrect parsing of the device path and potential memory access errors. The fix involves adding one byte of space to ensure the device path string is properly null-terminated.
How can this vulnerability impact me? :
This vulnerability can cause incorrect parsing of device paths in the f2fs filesystem, potentially leading to out-of-bound memory access. This may result in system instability, crashes, or unexpected behavior when mounting or accessing f2fs filesystems with device paths at the maximum allowed length.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the out-of-boundary access issue on an F2FS filesystem. The following commands illustrate the steps to trigger the condition related to the vulnerability: 1. touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 2. truncate -s $((1024*1024*1024)) /mnt/f2fs/012345678901234567890123456789012345678901234567890123 3. touch /mnt/f2fs/file 4. truncate -s $((1024*1024*1024)) /mnt/f2fs/file 5. mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 -c /mnt/f2fs/file 6. mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 /mnt/f2fs/loop If the vulnerability is present, kernel logs may show messages such as: [16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123\xff\x01, 511, 0 - 3ffff [16937.192268] F2FS-fs (loop0): Failed to find devices These indicate that the device path parsing failed due to the out-of-boundary access issue.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the out-of-boundary access in f2fs devs.path. The fix involves adding one byte space for sbi->devs.path[] to store the null character of the device path string, preventing incorrect parsing of device paths. Until the update is applied, avoid mounting or creating F2FS filesystems with device paths at the maximum path length to prevent triggering the vulnerability.