CVE-2025-38697

Severity: HIGH, base score 7.8 (CVSS 3.1)
Published: 2025-09-04
CNA org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

CVE Published: Sep 04, 2025 - 16:15 (nvd)
Patch Released: Mar 17, 2026 - 20:45 (nvd), patch available
Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG. When computing the tree index in dbAllocAG, we never check if we are out of bounds relative to the size of the stree. This could happen in a scenario where the filesystem metadata are corrupted.

Analysis

This is an out-of-bounds access in the Linux kernel's JFS (Journaled File System) driver. dbAllocAG derives an index into the summary tree (stree) of a dmap control page from block-map values and, before the fix, never checked that the index lies within the tree. With corrupted or deliberately crafted filesystem metadata the computed index can fall outside the stree array, so the allocator touches memory beyond the structure; the result is a kernel crash and, in the worst case, memory corruption. The CVSS 3.1 vector scores this 7.8 (local, low privileges, no user interaction, high impact on confidentiality, integrity and availability). In practice an attacker has to get a malformed JFS image mounted, which ordinarily requires mount privileges or a helper that mounts removable media on the user's behalf. With an EPSS score of 0.01% and no known exploits in the wild, the real-world risk is low despite the high base score.

Technical Context

The bug is in the JFS filesystem driver's dbAllocAG function, the routine that allocates disk blocks within one allocation group (AG). dbAllocAG computes an index into the summary tree (stree) of a dmap control page from block-map fields and then walks the tree entries belonging to that AG; before the fix nothing verified that the computed index stayed below the size of the stree array. The issue is classified as CWE-129 (Improper Validation of Array Index). Because every input to the index calculation comes from on-disk metadata, a corrupted or crafted JFS image can push the index past the end of the tree and make the allocator read outside the control page, which is the out-of-bounds access behind the crash and memory-corruption concern. The CPE data lists affected kernels from 2.6.12 onward across multiple stable branches.
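The C program below is an added model of the bug class described above; it is not the kernel's code and it is not the upstream fix. It keeps the real JFS constant CTLTREESIZE (1365 summary-tree nodes), but the struct layouts, the simplified index formula, the function names ag_tree_index, ag_index_in_bounds, ag_lookup and scenario, and the sample block-map values are all assumptions constructed for illustration, and the exact check in the upstream commits may differ in detail. It places the vulnerable shape (index trusted) beside the hardened shape (index window validated before the walk, corruption reported as -EIO) and runs both over a sane map and two corrupt ones.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Model of the CVE-2025-38697 bug class; not the kernel's code.
 * A JFS dmapctl page carries a summary tree ("stree") of signed bytes,
 * each holding log2 of the largest free run under that node. CTLTREESIZE
 * is the real JFS constant (1 + 4 + 16 + 64 + 256 + 1024 nodes).
 */
#define CTLTREESIZE 1365

struct dmapctl_model {
    int8_t stree[CTLTREESIZE];
};

/*
 * Block-map parameters from which the allocator derives a tree index.
 * JFS computes these from on-disk values, so a crafted or corrupt image
 * controls them. Field names follow the kernel; the struct is a model.
 */
struct bmap_model {
    int db_agstart;   /* tree index of the first node at the AG level */
    int db_agwidth;   /* consecutive nodes that describe one AG */
    int db_agperlev;  /* AGs described by one control page */
};

/* Index derivation in the shape of dbAllocAG (simplified; assumption). */
static int ag_tree_index(const struct bmap_model *bmp, int agno)
{
    return bmp->db_agstart +
           bmp->db_agwidth * (agno & (bmp->db_agperlev - 1));
}

/*
 * The check the fix is about: every node the walk will touch must lie
 * inside the tree. Width-aware, so a start index that is itself in range
 * but whose window runs off the end is rejected too.
 */
static int ag_index_in_bounds(const struct bmap_model *bmp, int ti)
{
    return bmp->db_agwidth > 0 && ti >= 0 &&
           ti <= CTLTREESIZE - bmp->db_agwidth;
}

/*
 * Walk the AG's nodes for one with at least 2^l2nb free blocks.
 * checked == 0 reproduces the vulnerable shape: ti is trusted. The kernel
 * would then read past the page; here -EFAULT stands in for that
 * out-of-bounds access so the demo itself stays memory-safe.
 * checked != 0 is the hardened shape: corrupt metadata fails closed with
 * -EIO, the outcome class the upstream fix chose.
 */
static int ag_lookup(const struct dmapctl_model *dcp,
                     const struct bmap_model *bmp,
                     int agno, int l2nb, int checked)
{
    int ti = ag_tree_index(bmp, agno);

    if (checked && !ag_index_in_bounds(bmp, ti))
        return -EIO;

    for (int i = 0; i < bmp->db_agwidth; i++, ti++) {
        if (ti < 0 || ti >= CTLTREESIZE)
            return -EFAULT;   /* stand-in for the OOB read */
        if (l2nb <= dcp->stree[ti])
            return ti;        /* node with enough room found */
    }
    return -ENOSPC;
}

/*
 * Constructed scenarios (sample data, not taken from a real image):
 *   0: sane map, room at node 7
 *   1: db_agstart pushed far past the tree
 *   2: start in range, but the 4-node window runs off the end
 * Returns what ag_lookup produced for an 8-block (l2nb = 3) request.
 */
static int scenario(int which, int checked)
{
    struct dmapctl_model dcp;
    struct bmap_model bmp = { .db_agstart = 5, .db_agwidth = 4,
                              .db_agperlev = 16 };

    memset(dcp.stree, -1, sizeof dcp.stree);  /* -1: nothing free */
    dcp.stree[7] = 3;

    if (which == 1)
        bmp.db_agstart = CTLTREESIZE + 100;
    else if (which == 2)
        bmp.db_agstart = CTLTREESIZE - 2;

    return ag_lookup(&dcp, &bmp, 0, 3, checked);
}

int main(void)
{
    for (int which = 0; which < 3; which++)
        printf("scenario %d: unchecked=%d checked=%d\n", which,
               scenario(which, 0), scenario(which, 1));
    return 0;
}
```

Scenario 2 is the one worth noticing: the start index is inside the array, so a check on ti alone would pass, yet the loop still walks past the last node. Any bounds check added to code of this shape has to account for the whole window the walk covers, not just its first element.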

Affected Products

The CPE identifiers list Linux kernel versions from cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:* onward plus wildcard entries covering the stable branches. 2.6.12-rc2 is the point where the kernel's git history begins, so this should be read as "every kernel before the fixed releases" rather than as a specific version that introduced the bug. Debian has issued security updates for its Long Term Support releases, documented in debian-lts-announce messages 2025/10/msg00007 and 2025/10/msg00008. The kernel.org patch commits referenced for this CVE cover the stable branches 4.19.x, 5.4.x, 5.10.x, 5.15.x, 6.1.x, 6.6.x, 6.11.x and 6.12.x; these are stable and longterm branches, not mainline.

Remediation

Apply the official kernel patches from kernel.org; the commits referenced for each affected branch are 6.12.x (1467a75819e4), 6.11.x (c8ca21a2836993), 6.6.x (a4f199203f79c), 6.1.x (49ea46d9025aa), 5.15.x (5bdb9553fb134), 5.10.x (2dd05f09cc323), 5.4.x (30e19a884c0b1) and 4.19.x (c214006856ff5). Distribution users should install the kernel packages from their vendor's advisory rather than cherry-pick; Debian users should update to the kernel packages named in the debian-lts-announce messages above. Until patching is complete, do not mount JFS filesystems from untrusted sources and keep mount privileges away from untrusted users, bearing in mind that removable-media automounting can mount a user-supplied image without an explicit mount call. Where JFS is not needed at all, preventing the module from loading (for example an "install jfs /bin/false" line in a file under /etc/modprobe.d/) removes the attack surface entirely.

Priority Score

39 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0

Vendor Status


CVE-2025-38697 vulnerability details – vuln.today
