Out-of-Bounds Read in Linux Kernel ext4 Filesystem
CVE-2025-37785

7.1HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 April 2025

What is CVE-2025-37785?

A vulnerability exists in the Linux kernel's ext4 filesystem which leads to an out-of-bounds read. When a corrupted filesystem with a directory containing a maliciously crafted '.' entry is mounted, it may cause the system to read data beyond allocated memory bounds. The flaw arises from the assumption that every ext4 directory entry contains the expected '.' and '..' entries, failing the necessary sanity checks when the rec_len of the '.' entry is precisely aligned with the block size. Exploiting this vulnerability could potentially expose sensitive data or lead to unexpected system behavior. The issue was identified through the syzkaller tool, highlighting the importance of rigorous security checks in filesystem management.

Affected Version(s)

Linux ac27a0ec112a089f1a5102bc8dffc79c8c815571 < 14da7dbecb430e35b5889da8dae7bef33173b351

Linux ac27a0ec112a089f1a5102bc8dffc79c8c815571

References

https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8d...

https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a...

https://git.kernel.org/stable/c/b7531a4f99c3887439d778afa...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2025
Vulnerability Reserved
Apr 16, 2025