#VU111702 Input validation error in Linux kernel - CVE-2025-38065


Vulnerability identifier: #VU111702

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38065

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the orangefs_writepage_locked() and orangefs_writepages_work() functions in fs/orangefs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/062e8093592fb866b8e016641a8b27feb6ac509d
https://git.kernel.org/stable/c/121f0335d91e46369bf55b5da4167d82b099a166
https://git.kernel.org/stable/c/15602508ad2f923e228b9521960b4addcd27d9c4
https://git.kernel.org/stable/c/2323b806221e6268a4e17711bc72e2fc87c191a3
https://git.kernel.org/stable/c/341e3a5984cf5761f3dab16029d7e9fb1641d5ff
https://git.kernel.org/stable/c/5111227d7f1f57f6804666b3abf780a23f44fc1d
https://git.kernel.org/stable/c/cd918ec24168fe08c6aafc077dd3b6d88364c5cf
https://git.kernel.org/stable/c/ceaf195ed285b77791e29016ee6344b3ded609b3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 24.03 LTS SP2 update for kernel
openEuler 24.03 LTS update for kernel
openEuler 24.03 LTS SP1 update for kernel
Input validation error in Linux kernel orangefs