CVE-2025-38697

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to an upper bound check of the tree index in the dbAllocAG function within the JFS filesystem. Specifically, the code does not verify if the computed tree index is within the bounds of the stree size. This issue could occur when filesystem metadata is corrupted.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Validation of Array Index

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129CWE-125

Related Identifiers

BDU:2025-15757

CVE-2025-38697

DLA-4327-1

DLA-4328-1

DSA-6009-1

ECHO-E6F3-713D-DAE8

MGASA-2025-0234

MGASA-2025-0235

OESA-2026-1275

OESA-2026-1303

OESA-2026-1304

OESA-2026-1305

SUSE-SU-2025:03600-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

USN-7909-1

USN-7909-2

USN-7909-3

USN-7909-4

USN-7909-5

USN-7910-1

USN-7910-2

USN-7933-1

USN-7938-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Debian

Jfs

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-38697

Weakness Enumeration

Related Identifiers

Affected Products

References · 2823