Input validation error in Linux kernel jffs2
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-38194 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU112332
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38194
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's repository.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://git.kernel.org/stable/c/337f80f3d546e131c7aa90b61d8cde051ae858c7
https://git.kernel.org/stable/c/346cfb9d19ea7feb6fb57917b21c4797fb444dab
https://git.kernel.org/stable/c/3f46644a5131a4793fc95c32a7d0a769745b06e7
https://git.kernel.org/stable/c/4adee34098a6ee86a54bf3ec885eab620c126a6b
https://git.kernel.org/stable/c/8ce46dc5b10b0b6f67663202a4921b0e11ad7367
https://git.kernel.org/stable/c/c0edcdb4fc106d69a2d1a0ce4868193511c389f3
https://git.kernel.org/stable/c/da12ef7e19048dc5714032c2db587a215852b200
https://git.kernel.org/stable/c/ec9e6f22bce433b260ea226de127ec68042849b0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
