Buffer Overflow Vulnerability in Linux Kernel's JFFS2 File System
CVE-2025-38194

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-38194?

A buffer overflow vulnerability exists in the Linux kernel's JFFS2 file system, specifically in the handling of preallocated raw node references. The flaw arises when the jffs2_sum_write_sumnode function fails to properly check the return value of jffs2_prealloc_raw_node_refs, allowing errors to propagate unchecked. This may lead to potential system instability or crashes when the kernel attempts to manage file system data incorrectly. Implementing a proper return value check can mitigate the risk associated with this vulnerability.

Affected Version(s)

Linux 2f785402f39b96a077b6e62bf26164bfb8e0c980 < 337f80f3d546e131c7aa90b61d8cde051ae858c7

Linux 2f785402f39b96a077b6e62bf26164bfb8e0c980 < 8ce46dc5b10b0b6f67663202a4921b0e11ad7367

Linux 2f785402f39b96a077b6e62bf26164bfb8e0c980 < 4adee34098a6ee86a54bf3ec885eab620c126a6b

References

https://git.kernel.org/stable/c/337f80f3d546e131c7aa90b61...

https://git.kernel.org/stable/c/8ce46dc5b10b0b6f67663202a...

https://git.kernel.org/stable/c/4adee34098a6ee86a54bf3ec8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Apr 16, 2025