PT-2025-29069 · Linux+4 · Linux Kernel+4
Syzbot · Published 2025-03-24 · Updated 2026-05-26 · CVE-2025-38347
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66
Description:
A flaw exists in the f2fs file system within the Linux kernel related to insufficient sanity checks on inode numbers (ino) and extended attribute inode numbers (xnid). Specifically, the xattr nid of an inode can be identical to its i_ino, leading to a deadlock during the mknod operation within a corrupted directory. The deadlock arises from attempting to lock the directory's inode page twice along the call stack f2fs_mknod, f2fs_add_inline_entry, f2fs_get_inode_page, f2fs_init_acl, f2fs_acl_create, f2fs_get_acl, f2fs_getxattr, lookup_all_xattrs, and get_node_page.
Recommendations:
Linux kernel versions prior to 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 should be updated to a newer version that includes the fix for this issue.
Affected Products
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu