PT-2025-17266 · Linux · Linux Kernel
Published: 2025-03-20 · Updated: 2026-04-20 · CVE-2025-37785
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the fixed version
Description
The issue is an out-of-bounds read in the Linux kernel when checking the dotdot directory. It occurs when mounting a corrupted filesystem with a directory containing a '.' dir entry with rec_len equal to the block size. The ext4_empty_dir() function assumes every ext4 directory contains at least '.' and '..' as directory entries in the first data block. If the rec_len of '.' is precisely one block, it slips through sanity checks and leaves a pointer pointing past the memory slot allocated to the data block, resulting in an out-of-bounds memory access. This issue was found by the syzkaller tool.
Recommendations
As a temporary workaround, consider disabling the ext4_empty_dir() function until a patch is available. Restrict access to corrupted filesystems to minimize the risk of exploitation. Update to a newer version of the Linux kernel that contains the fix for this issue.
Note: The exact version of the Linux kernel that contains the fix is not specified.
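A userspace check of the first directory entry, run over a constructed 1024-byte block, showing how a '.' entry with rec_len equal to the block size passes the per-entry checks from the description and where an extra bound catches it. This is an added example, not the kernel's code or its patch; the function names, status codes, the 12-byte minimum entry size and a block size below 65536 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN   8u   /* inode(4) + rec_len(2) + name_len(1) + file_type(1) */
#define MIN_ENTRY 12u  /* header plus a short name padded to 4 bytes (assumed) */

enum dot_status { DOT_OK, DOT_BAD_ENTRY, DOT_NO_ROOM_FOR_DOTDOT };

/* Read a little-endian 16-bit on-disk field. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Check the first entry of a directory's first data block.
 * Assumes blocksize < 65536, so rec_len is stored without special encoding. */
enum dot_status check_dot_entry(const uint8_t *blk, size_t blocksize)
{
    if (blocksize < 2 * MIN_ENTRY)
        return DOT_BAD_ENTRY;
    uint16_t rec_len = le16(blk + 4);
    /* Generic per-entry checks: minimum size, alignment, stays inside the block. */
    if (rec_len < MIN_ENTRY || rec_len % 4 != 0 || rec_len > blocksize)
        return DOT_BAD_ENTRY;
    if (blk[6] != 1 || blk[HDR_LEN] != '.')
        return DOT_BAD_ENTRY;
    /* rec_len == blocksize passes everything above, yet blk + rec_len is then
     * one past the buffer. Require room for a second entry before using it. */
    if ((size_t)rec_len + MIN_ENTRY > blocksize)
        return DOT_NO_ROOM_FOR_DOTDOT;
    return DOT_OK;
}

/* Build a constructed 1024-byte block whose '.' entry has the given rec_len. */
enum dot_status check_constructed(uint16_t dot_rec_len)
{
    uint8_t blk[1024] = {0};
    blk[0] = 2;                              /* inode number (sample value) */
    blk[4] = (uint8_t)(dot_rec_len & 0xff);  /* rec_len, low byte */
    blk[5] = (uint8_t)(dot_rec_len >> 8);    /* rec_len, high byte */
    blk[6] = 1;                              /* name_len */
    blk[HDR_LEN] = '.';
    return check_dot_entry(blk, sizeof blk);
}

int main(void)
{
    printf("rec_len=12   -> %d\n", check_constructed(12));
    printf("rec_len=1024 -> %d\n", check_constructed(1024));
    return 0;
}
```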
Exploit
Fix
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu