CVE-2025-38204

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue concerns an array-index-out-of-bounds read in the add missing indices function. Specifically, the stbl variable is of type s8 but is expected to contain offsets into a slot that can range from 0 to 127. To address this, a bound check has been added, and if the check fails, the function returns -EIO. Additionally, jfs readdir now returns with an error if add missing indices returns with an error.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Validation of Array Index

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129CWE-125

Related Identifiers

BDU:2025-15482

CVE-2025-38204

DLA-4327-1

ECHO-5154-CAC7-EBB3

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:02996-1

SUSE-SU-2025:02997-1

SUSE-SU-2025:03011-1

SUSE-SU-2025:03023-1

SUSE-SU-2025:20577-1

SUSE-SU-2025:20586-1

SUSE-SU-2025:20601-1

SUSE-SU-2025:20602-1

SUSE-SU-2025_02853-1

SUSE-SU-2025_02969-1

SUSE-SU-2025_02996-1

SUSE-SU-2025_02997-1

SUSE-SU-2025_03011-1

SUSE-SU-2025_03023-1

USN-7774-1

USN-7774-2

USN-7774-3

USN-7774-4

USN-7774-5

USN-7775-1

USN-7775-2

USN-7775-3

USN-7776-1

USN-7833-1

USN-7833-2

USN-7833-3

USN-7833-4

USN-7834-1

USN-7856-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-38204

Weakness Enumeration

Related Identifiers

Affected Products

References · 1372