File Size Truncation Issue in OrangeFS from Linux Kernel
CVE-2025-38065

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-38065?

A file size truncation vulnerability exists in OrangeFS due to improper handling of the 'len' variable, used to store file sizes read from i_size_read(). On 32-bit systems, this can improperly limit the file size to 4GiB, leading to potential data integrity issues. Users are encouraged to update their systems to ensure proper handling of file sizes and avoid unexpected truncation.

Affected Version(s)

Linux f7ab093f74bf638ed98fd1115f3efa17e308bb7f

Linux f7ab093f74bf638ed98fd1115f3efa17e308bb7f < 341e3a5984cf5761f3dab16029d7e9fb1641d5ff

Linux f7ab093f74bf638ed98fd1115f3efa17e308bb7f < 5111227d7f1f57f6804666b3abf780a23f44fc1d

References

https://git.kernel.org/stable/c/ceaf195ed285b77791e29016e...

https://git.kernel.org/stable/c/341e3a5984cf5761f3dab1602...

https://git.kernel.org/stable/c/5111227d7f1f57f6804666b3a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 16, 2025

JSON