Buffer Overflow Vulnerability in Linux Kernel Affecting Network File System
CVE-2025-38139

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 3 July 2025

What is CVE-2025-38139?

A vulnerability in the Linux kernel’s network file system could cause a buffer overflow due to improper resetting of the subrequest iterator during write operations. When the iterator is mismanaged, it may lead to inaccurate data handling, resulting in potential crashes or instability in the kernel, particularly visible through Kernel Address Sanitizer (KASAN) errors. This flaw underscores the importance of correctly managing subrequest data transfers to prevent unexpected behaviors in network operations.

Affected Version(s)

Linux cd0277ed0c188dd40e7744e89299af7b78831ca4

Linux cd0277ed0c188dd40e7744e89299af7b78831ca4 < 4481f7f2b3df123ec77e828c849138f75cff2bf2

Linux 6.12

Timeline

  • Vulnerability published

  • Vulnerability Reserved
