Out-of-Bounds Read in Linux Kernel ext4 Filesystem
CVE-2025-37785
Summary
A vulnerability in the Linux kernel's ext4 filesystem leads to an out-of-bounds read. When a corrupted filesystem with a directory containing a maliciously crafted '.' entry is mounted, the kernel may read data beyond allocated memory bounds. The flaw arises from the assumption that every ext4 directory contains the expected '.' and '..' entries: when the rec_len of the '.' entry is precisely aligned with the block size, the necessary sanity checks fail to catch it. Exploiting this vulnerability could potentially expose sensitive data or lead to unexpected system behavior. The issue was identified with the syzkaller tool, which underlines the importance of rigorous sanity checks in filesystem code.
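The missing check described above, sketched as an added userspace example (not the kernel's code and not the upstream fix): it validates the '.' and '..' entries of a first directory block and rejects a '.' whose rec_len reaches the block end before '..' is ever read. The function names, status codes and the 1 KiB sample block are constructed for illustration, and block sizes below 64 KiB are assumed so that rec_len needs no special decoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ext4 on-disk dir entry: inode(4) rec_len(2) name_len(1) file_type(1) name[] */
#define DE_HDR 8u
#define DE_MIN 12u  /* header plus a name padded to 4 bytes */
enum dots_status { DOTS_OK, DOTS_BAD_DOT, DOTS_DOT_FILLS_BLOCK, DOTS_BAD_DOTDOT };

static size_t le16(const uint8_t *p) { return (size_t)p[0] | ((size_t)p[1] << 8); }

/* Bounds-check the entry at offset off; returns its rec_len, or 0 if invalid. */
static size_t entry_len(const uint8_t *blk, size_t bs, size_t off)
{
    if (off > bs || bs - off < DE_MIN)      /* header would cross the block end */
        return 0;
    size_t rec = le16(blk + off + 4);
    if (rec < DE_MIN || rec % 4 || rec > bs - off || DE_HDR + blk[off + 6] > rec)
        return 0;
    return rec;
}

/* Hypothetical checker for the first block of a directory. */
enum dots_status check_dots(const uint8_t *blk, size_t bs)
{
    size_t rec = entry_len(blk, bs, 0);
    if (!rec || blk[6] != 1 || blk[8] != '.')
        return DOTS_BAD_DOT;
    /* '.' is valid on its own terms but ends exactly at the block end,
     * so a '..' entry would start at blk + bs: refuse before touching it. */
    if (rec == bs)
        return DOTS_DOT_FILLS_BLOCK;
    if (!entry_len(blk, bs, rec) || blk[rec + 6] != 2 || memcmp(blk + rec + 8, "..", 2))
        return DOTS_BAD_DOTDOT;
    return DOTS_OK;
}

/* Constructed sample input: a directory block whose '.' has rec_len dot_rec. */
void make_block(uint8_t *blk, size_t bs, uint16_t dot_rec)
{
    memset(blk, 0, bs);
    blk[0] = 2; blk[4] = (uint8_t)(dot_rec & 0xff); blk[5] = (uint8_t)(dot_rec >> 8);
    blk[6] = 1; blk[7] = 2; blk[8] = '.';
    if (dot_rec + DE_MIN <= bs) {           /* room left for a '..' entry */
        uint8_t *d = blk + dot_rec; size_t r = bs - dot_rec;
        d[0] = 2; d[4] = (uint8_t)(r & 0xff); d[5] = (uint8_t)(r >> 8);
        d[6] = 2; d[7] = 2; d[8] = '.'; d[9] = '.';
    }
}
```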
Affected Version(s)
Linux ac27a0ec112a089f1a5102bc8dffc79c8c815571
Linux ac27a0ec112a089f1a5102bc8dffc79c8c815571 < 89503e5eae64637d0fa2218912b54660effe7d93