CVE-2025-39840
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-12-12
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.14 (inc) to 6.16.6 (exc) |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in the Linux kernel's audit subsystem, specifically in the function audit_compare_dname_path(). It occurs when a watch on the root directory (/) is combined with a filesystem notification event involving a single-character name directly under /. Due to incorrect handling of path length, the code reads memory outside the intended bounds, which can lead to unexpected behavior or crashes. The issue was fixed by adding a check to ensure the path length is greater than zero before accessing the memory.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel audit subsystem to perform an out-of-bounds read, potentially leading to system instability, crashes, or undefined behavior. While the description does not specify exploitation details, such memory errors can be leveraged to cause denial of service or potentially escalate privileges depending on the context.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the Linux kernel version that includes the fix for the out-of-bounds read in audit_compare_dname_path(). Avoid setting watches on dir=/ combined with fsnotify events for single-character names until the fix is applied.