CVE-2025-38692
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-11-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: exfat: add cluster chain loop check for dir An infinite loop may occur if the following conditions occur due to file system corruption. (1) Condition for exfat_count_dir_entries() to loop infinitely. - The cluster chain includes a loop. - There is no UNUSED entry in the cluster chain. (2) Condition for exfat_create_upcase_table() to loop infinitely. - The cluster chain of the root directory includes a loop. - There are no UNUSED entry and up-case table entry in the cluster chain of the root directory. (3) Condition for exfat_load_bitmap() to loop infinitely. - The cluster chain of the root directory includes a loop. - There are no UNUSED entry and bitmap entry in the cluster chain of the root directory. (4) Condition for exfat_find_dir_entry() to loop infinitely. - The cluster chain includes a loop. - The unused directory entries were exhausted by some operation. (5) Condition for exfat_check_dir_empty() to loop infinitely. - The cluster chain includes a loop. - The unused directory entries were exhausted by some operation. - All files and sub-directories under the directory are deleted. This commit adds checks to break the above infinite loop.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-11-24
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-38692
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's exFAT file system driver can cause infinite loops during certain file system operations if the file system is corrupted. Specifically, if the cluster chain (a linked list of storage units) contains a loop and certain conditions about directory entries are met (such as no UNUSED entries or exhausted unused directory entries), functions like exfat_count_dir_entries(), exfat_create_upcase_table(), exfat_load_bitmap(), exfat_find_dir_entry(), and exfat_check_dir_empty() may loop infinitely. This can cause the system to hang or become unresponsive during file system access. The vulnerability was fixed by adding checks to detect and break these infinite loops.

Impact Analysis

This vulnerability can cause the Linux system to hang or become unresponsive when accessing or manipulating exFAT file systems that are corrupted in a specific way. This could lead to denial of service conditions where legitimate file system operations cannot complete, potentially disrupting normal system or application functionality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38692. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart