PT-2025-34413 · F2FS +5

Published: 2025-01-01 · Updated: 2026-04-20 · CVE-2025-38652

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel's f2fs filesystem can perform an out-of-bounds access when handling device paths. If the device path length reaches MAX_PATH_LEN, the sbi->devs.path[] array may not be null-terminated, so data following the path array can be misinterpreted as part of the device path. This can occur during device mounting and cause failures in finding devices. The issue resides in the path field of the f2fs_dev_info structure.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
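
The termination problem from the description, modeled in userspace C as an added example (not kernel code and not the upstream fix). `struct dev_entry`, the helper names and the value 64 for `MAX_PATH_LEN` are assumptions made for this model; the sample paths are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PATH_LEN 64 /* assumed size for this model */

/* Hypothetical stand-in for a device entry; not the kernel's struct layout. */
struct dev_entry {
    char path[MAX_PATH_LEN];     /* may be filled completely, leaving no NUL */
    unsigned int total_segments; /* bytes an unterminated string read runs into */
};

/* Constructed sample: entry whose path is exactly n bytes (n <= MAX_PATH_LEN). */
struct dev_entry sample_entry(size_t n)
{
    struct dev_entry e = { .total_segments = 0x41414141u };
    memset(e.path, 'x', n);
    return e;
}

/* 1 if path[] holds a NUL inside its own bounds, i.e. is safe for string APIs. */
int path_is_terminated(const char *path)
{
    return memchr(path, '\0', MAX_PATH_LEN) != NULL;
}

/* Pattern from the description: fixed-size copy that never checks for a NUL. */
int unchecked_copy_terminated(size_t n)
{
    struct dev_entry src = sample_entry(n), dst;
    memcpy(dst.path, src.path, MAX_PATH_LEN);
    return path_is_terminated(dst.path);
}

/* Hardened copy: reject a source with no NUL in bounds. 0 = ok, -1 = rejected. */
int checked_copy_result(size_t n)
{
    struct dev_entry src = sample_entry(n), dst = { 0 };
    const char *nul = memchr(src.path, '\0', MAX_PATH_LEN);
    if (nul == NULL)
        return -1;
    memcpy(dst.path, src.path, (size_t)(nul - src.path));
    return path_is_terminated(dst.path) ? 0 : -1;
}

int main(void)
{
    printf("63 bytes: terminated=%d checked=%d\n", unchecked_copy_terminated(63), checked_copy_result(63));
    printf("64 bytes: terminated=%d checked=%d\n", unchecked_copy_terminated(64), checked_copy_result(64));
    return 0;
}
```

A 63-byte path leaves room for the terminator; a 64-byte path fills the array, so the unchecked copy produces a buffer that string functions would read past, while the checked copy rejects it.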

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

AZL-66596
BDU:2025-15776
CVE-2025-38652
DLA-4327-1
DLA-4328-1
ECHO-2145-9615-C33A
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:15533-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7934-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linux Mint
Linux Kernel
RED OS
Ubuntu
F2FS