Array Index Out-of-Bounds Vulnerability in Linux Kernel
CVE-2025-38204

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 4 July 2025

What is CVE-2025-38204?

A vulnerability has been identified in the JFS (Journaling File System) component of the Linux kernel: an array-index-out-of-bounds read in the 'add_missing_indices' function. The function handles offsets whose valid range is 0 to 127, and the out-of-bounds read can lead to system instability. The fix introduces a bound check that returns an error code (-EIO) if the check fails, so the read operation fails with proper error handling instead of continuing.
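
The bound check described above, as an added user-space illustration that is not the kernel's JFS code. The names (NSLOTS, struct slot, sum_indexed_slots, demo), the sample tables, and the assumption that offsets are stored as signed 8-bit values are all hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NSLOTS 128  /* valid offsets are 0..127 (range given on the page) */

struct slot { uint32_t value; };   /* hypothetical slot layout */

/* Added example, not kernel code. Constructed sample tables; offsets are
 * assumed to be stored as signed 8-bit values. */
static const int8_t good_tbl[] = { 0, 5, 127 };
static const int8_t bad_tbl[]  = { 0, -3, 127 };  /* corrupted entry */

/* Sum the slots named by an offset table read from untrusted storage.
 * A negative entry would index before slots[0], so every offset is
 * checked first and the read fails with -EIO instead of indexing. */
int sum_indexed_slots(const struct slot *slots, const int8_t *tbl,
                      size_t n, uint32_t *sum)
{
    uint32_t acc = 0;

    for (size_t i = 0; i < n; i++) {
        int off = tbl[i];           /* widen before comparing */
        if (off < 0 || off >= NSLOTS)
            return -EIO;
        acc += slots[off].value;
    }
    *sum = acc;
    return 0;
}

/* Returns the sum on success or the negative errno from the check. */
long demo(const int8_t *tbl, size_t n)
{
    struct slot slots[NSLOTS];
    uint32_t sum = 0;

    for (int i = 0; i < NSLOTS; i++)
        slots[i].value = (uint32_t)i;
    int rc = sum_indexed_slots(slots, tbl, n, &sum);
    return rc ? rc : (long)sum;
}

int main(void)
{
    printf("good table: %ld\n", demo(good_tbl, 3));
    printf("bad table:  %ld\n", demo(bad_tbl, 3));
    return 0;
}
```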

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 81af4b34fd72d390d7f237c6a545cc6d09707956

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 44618bee303bed151ef3a525ff79fbd7689593b5

Timeline

  • Vulnerability published

  • Vulnerability Reserved
