PT-2025-35974 · Ext4+6 · Ext4+6

Syzbot

·

Published

2025-07-17

·

Updated

2026-04-20

·

CVE-2025-38701

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw where a maliciously fuzzed file system can trigger a BUG ON in the ext4 update inline data() function when an inode has the INLINE DATA FL flag set but is missing the system.data extended attribute. This issue was identified through syzbot fuzzing. The vulnerability is addressed by replacing BUG ON with EXT4 ERROR INODE() in ext4 update inline data(), ext4 create inline data(), and ext4 inline data truncate().
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Assertion Failure

Weakness Enumeration

CWE-20CWE-617

Related Identifiers

AZL-66899
AZL-73881
BDU:2025-15547
CVE-2025-38701
DLA-4327-1
DLA-4328-1
DSA-6009-1
ECHO-8425-474F-65AB
MGASA-2025-0234
MGASA-2025-0235
OESA-2025-2532
OESA-2025-2536
OESA-2025-2537
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
Ext4