Out of Bounds Vulnerability in Linux Kernel ext4 Filesystem
CVE-2025-38221

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 July 2025

What is CVE-2025-38221?

A vulnerability in the ext4 filesystem of the Linux kernel allows out-of-bounds access when punching a hole whose starting offset exceeds the maximum end value. In that case the length passed to truncate_inode_partial_folio() during page cache truncation becomes negative, which can cause system instability. The mitigation is to filter out requests where the punch start offset exceeds the maximum permissible end value.
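A simplified user-space model of the arithmetic described above, added here as an illustration and not taken from the kernel source or the fix commit. The function names, the struct and the MAX_END value are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed limit standing in for the filesystem's maximum end value. */
#define MAX_END (1LL << 32)

struct punch_range {
    int     skip;    /* 1 = nothing to do, range must not reach page-cache truncation */
    int64_t start;
    int64_t length;  /* bytes that would be handed on to page-cache truncation */
};

/* Before: the end is clamped to max_end, but the start is never compared to it. */
static struct punch_range clamp_unchecked(int64_t offset, int64_t length, int64_t max_end)
{
    int64_t end = offset + length;
    if (end > max_end)
        end = max_end;
    /* If offset > max_end, end - offset is negative. */
    return (struct punch_range){ 0, offset, end - offset };
}

/* After: a start at or past max_end is filtered out before any length is derived.
 * (offset == max_end would give a zero length, so it is treated as a no-op too.) */
static struct punch_range clamp_checked(int64_t offset, int64_t length, int64_t max_end)
{
    if (offset < 0 || length <= 0 || offset >= max_end)
        return (struct punch_range){ 1, offset, 0 };
    if (length > max_end - offset)   /* clamp without computing offset + length */
        length = max_end - offset;
    return (struct punch_range){ 0, offset, length };
}

int main(void)
{
    /* Constructed request: start is 4096 bytes past the maximum end value. */
    int64_t offset = MAX_END + 4096, length = 8192;
    struct punch_range before = clamp_unchecked(offset, length, MAX_END);
    struct punch_range after  = clamp_checked(offset, length, MAX_END);

    printf("unchecked: length=%lld\n", (long long)before.length);
    printf("checked:   skip=%d length=%lld\n", after.skip, (long long)after.length);
    return 0;
}
```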

Affected Version(s)

Linux 982bf37da09d078570650b691d9084f43805a5de < 28b62cb58fd014338f5004170f2e3a35bf0af238

Linux 982bf37da09d078570650b691d9084f43805a5de

Linux 6.15

Timeline

  • Vulnerability published

  • Vulnerability Reserved
