PT-2025-27969 · Linux+6 · Linux Kernel+6

Published

2025-07-04

·

Updated

2026-04-20

·

CVE-2025-38194

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.128
Description: A bug in the jffs2 file system has been detected, caused by a fault injection in jffs2 prealloc raw node refs. The function jffs2 sum write sumnode does not check the return value of jffs2 prealloc raw node refs, allowing any error to propagate into jffs2 sum write data, which eventually calls jffs2 link node ref. This can lead to a kernel bug. The issue was found by the Linux Verification Center with Syzkaller.
Recommendations: To resolve this issue, check the return value of jffs2 prealloc raw node refs before calling jffs2 sum write data. As a temporary workaround, consider disabling the jffs2 link node ref function until a patch is available. Restrict access to the vulnerable jffs2 module to minimize the risk of exploitation.

Exploit

Fix

Unchecked Return Value

Weakness Enumeration

CWE-252

Related Identifiers

BDU:2025-13475
CVE-2025-38194
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-F348-59CC-87A0
MGASA-2025-0218
MGASA-2025-0219
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7774-1
USN-7774-2
USN-7774-3
USN-7774-4
USN-7774-5
USN-7775-1
USN-7775-2
USN-7775-3
USN-7776-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu