SB2025083105 - Out-of-bounds read in Linux kernel f2fs
Published: August 31, 2025
Security Bulletin ID
SB2025083105
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-38677)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_get_dnode_of_data() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/6b7784ea07e6aa044f74b39d6b5af5e28746fc81
- https://git.kernel.org/stable/c/77de19b6867f2740cdcb6c9c7e50d522b47847a4
- https://git.kernel.org/stable/c/888aa660144bcb6ec07839da756ee46bfcf7fc53
- https://git.kernel.org/stable/c/901f62efd6e855f93d8b1175540f29f4dc45ba55
- https://git.kernel.org/stable/c/92ef491b506a0f4dd971a3a76f86f2d8f5370180
- https://git.kernel.org/stable/c/a650654365c57407413e9b1f6ff4d539bf2e99ca
- https://git.kernel.org/stable/c/ee4d13f5407cbdf1216cc258f45492075713889a
- https://git.kernel.org/stable/c/f1d5093d9fe9f3c74c123741c88666cc853b79c5