Memory Management Vulnerability in Linux Kernel JFS Component

CVE-2025-38230

What is CVE-2025-38230?

A vulnerability has been identified in the Linux kernel pertaining to the JFS (Journaling File System) component. The issue arises during the validation of allocation group (AG) parameters within the dbMount function. Specifically, the parameters db_agheight, db_agwidth, and db_agstart must be validated to prevent crashes caused by corrupted metadata. Improper handling of these parameters can lead to undefined behavior in subsequent database allocation processes. The validation ensures that the parameters fall within acceptable ranges, leveraging defined limits to maintain system stability. This vulnerability was discovered by the Linux Verification Center using the Syzkaller testing tool.

References