Vulnerability identifier: #VU108257
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_truncate_inode_blocks() function in fs/f2fs/node.c.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13, 6.12.14, 6.12.15, 6.12.16, 6.12.17, 6.12.18, 6.12.19, 6.12.20, 6.12.21, 6.12.22, 6.12.23
External links
https://git.kernel.org/stable/c/67e16ccba74dd8de0a7b10062f1e02d77432f573
https://git.kernel.org/stable/c/6ba8b41d0aa4b82f90f0c416cb53fcef9696525d
https://git.kernel.org/stable/c/8b5e5aac44fee122947a269f9034c048e4c295de
https://git.kernel.org/stable/c/98dbf2af63de0b551082c9bc48333910e009b09f
https://git.kernel.org/stable/c/a67e1bf03c609a751d1740a1789af25e599966fa
https://git.kernel.org/stable/c/d7242fd7946d4cba0411effb6b5048ca55125747
https://git.kernel.org/stable/c/e6494977bd4a83862118a05f57a8df40256951c0
https://git.kernel.org/stable/c/ecc461331604b07cdbdb7360dbdf78471653264c
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.24
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.