CVE-2025-38652
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
22/08/2025
Last modified:
07/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
f2fs: fix to avoid out-of-boundary access in devs.path<br />
<br />
- touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123<br />
- truncate -s $((1024*1024*1024)) \<br />
/mnt/f2fs/012345678901234567890123456789012345678901234567890123<br />
- touch /mnt/f2fs/file<br />
- truncate -s $((1024*1024*1024)) /mnt/f2fs/file<br />
- mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \<br />
-c /mnt/f2fs/file<br />
- mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \<br />
/mnt/f2fs/loop<br />
<br />
[16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123\xff\x01, 511, 0 - 3ffff<br />
[16937.192268] F2FS-fs (loop0): Failed to find devices<br />
<br />
If device path length equals to MAX_PATH_LEN, sbi->devs.path[] may<br />
not end up w/ null character due to path array is fully filled, So<br />
accidently, fields locate after path[] may be treated as part of<br />
device path, result in parsing wrong device path.<br />
<br />
struct f2fs_dev_info {<br />
...<br />
char path[MAX_PATH_LEN];<br />
...<br />
};<br />
<br />
Let&#39;s add one byte space for sbi->devs.path[] to store null<br />
character of device path string.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10 (including) | 5.4.297 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.241 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.190 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.148 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.102 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.42 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.16 (including) | 6.16.1 (excluding) |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1b1efa5f0e878745e94a98022e8edc675a87d78e
- https://git.kernel.org/stable/c/1cf1ff15f262e8baf12201b270b6a79f9d119b2d
- https://git.kernel.org/stable/c/345fc8d1838f3f8be7c8ed08d86a13dedef67136
- https://git.kernel.org/stable/c/3466721f06edff834f99d9f49f23eabc6b2cb78e
- https://git.kernel.org/stable/c/5661998536af52848cc4d52a377e90368196edea
- https://git.kernel.org/stable/c/666b7cf6ac9aa074b8319a2b68cba7f2c30023f0
- https://git.kernel.org/stable/c/70849d33130a2cf1d6010069ed200669c8651fbd
- https://git.kernel.org/stable/c/755427093e4294ac111c3f9e40d53f681a0fbdaa
- https://git.kernel.org/stable/c/dc0172c74bd9edaee7bea2ebb35f3dbd37a8ae80
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html