Out-of-Bounds Read in Linux Kernel ext4 Filesystem
CVE-2025-37785
What is CVE-2025-37785?
A vulnerability exists in the Linux kernel's ext4 filesystem which leads to an out-of-bounds read. When a corrupted filesystem with a directory containing a maliciously crafted '.' entry is mounted, it may cause the system to read data beyond allocated memory bounds. The flaw arises from the assumption that every ext4 directory entry contains the expected '.' and '..' entries, failing the necessary sanity checks when the rec_len of the '.' entry is precisely aligned with the block size. Exploiting this vulnerability could potentially expose sensitive data or lead to unexpected system behavior. The issue was identified through the syzkaller tool, highlighting the importance of rigorous security checks in filesystem management.
Affected Version(s)
Linux ac27a0ec112a089f1a5102bc8dffc79c8c815571 < 14da7dbecb430e35b5889da8dae7bef33173b351
Linux ac27a0ec112a089f1a5102bc8dffc79c8c815571
Linux ac27a0ec112a089f1a5102bc8dffc79c8c815571