CVE-2025-38221

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version

Description: The issue is related to the ext4 file system in the Linux kernel. It occurs when punching a hole with a start offset that exceeds max end, resulting in a negative length in the truncate inode partial folio() function while truncating the page cache. This can lead to undesirable consequences. A reproducer for this issue involves using the truncate and xfs io commands to create a specific scenario that triggers the bug.

Recommendations: For Linux kernel versions prior to the fixed version, consider applying the fix that filters out cases where the punching start offset exceeds max end to prevent the out-of-bounds punch offset issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.