Out-of-Bounds Access Vulnerability in Linux Kernel F2FS Filesystem
CVE-2025-38652

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 22 August 2025

What is CVE-2025-38652?

A vulnerability exists in the F2FS filesystem of the Linux kernel that could allow out-of-bounds access due to improper handling of device path lengths. When a device path reaches the maximum length, the memory allocated for the path leaves no room for a terminating null character, which can cause memory contents to be misinterpreted. This could lead to incorrect parsing of device paths, which can compromise the integrity of the file system and potentially allow unauthorized access or data corruption.
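The missing-terminator condition described above, as an added userspace illustration (not the kernel's code or the upstream patch). The struct names, the 64-byte limit and the sample values are constructed assumptions; the hardened copy reserves one extra byte and terminates explicitly.

```c
#include <stdio.h>
#include <string.h>

#define DEV_PATH_MAX 64 /* constructed limit for this example */

/* Constructed source record: path[] may be completely filled, with no NUL. */
struct disk_dev { char path[DEV_PATH_MAX]; unsigned int total_segments; };
/* Same-size in-memory copy: a maximum-length path has nowhere to put a NUL. */
struct mem_dev_tight { char path[DEV_PATH_MAX]; unsigned int total_segments; };
/* Hardened copy: one extra byte reserved for the terminator. */
struct mem_dev_safe { char path[DEV_PATH_MAX + 1]; unsigned int total_segments; };

/* Build a sample record whose path is `len` bytes of 'a' (clamped to the limit). */
void make_dev(struct disk_dev *d, size_t len) {
    if (len > DEV_PATH_MAX)
        len = DEV_PATH_MAX;
    memset(d, 0, sizeof(*d));
    memset(d->path, 'a', len);
    d->total_segments = 0x01ff;
}

/* Returns 1 when the same-size copy holds no NUL inside path[]; a string
 * function applied to it would then run on into the fields that follow. */
int tight_copy_unterminated(const struct disk_dev *d) {
    struct mem_dev_tight m;
    memcpy(m.path, d->path, DEV_PATH_MAX);
    m.total_segments = d->total_segments;
    return memchr(m.path, '\0', sizeof(m.path)) == NULL;
}

/* Bounded copy: never reads past the source field, always terminates. */
size_t safe_copy(struct mem_dev_safe *m, const struct disk_dev *d) {
    const char *end = memchr(d->path, '\0', DEV_PATH_MAX);
    size_t n = end ? (size_t)(end - d->path) : DEV_PATH_MAX;
    memcpy(m->path, d->path, n);
    m->path[n] = '\0';
    m->total_segments = d->total_segments;
    return n;
}

int main(void) {
    struct disk_dev d;
    struct mem_dev_safe m;
    make_dev(&d, DEV_PATH_MAX); /* path exactly at the limit */
    printf("same-size copy unterminated: %d\n", tight_copy_unterminated(&d));
    size_t n = safe_copy(&m, &d);
    printf("safe copy length: %zu, strlen: %zu\n", n, strlen(m.path));
    return 0;
}
```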

Affected Version(s)

Linux 3c62be17d4f562f43fe1d03b48194399caa35aa5 < 3466721f06edff834f99d9f49f23eabc6b2cb78e

Linux 3c62be17d4f562f43fe1d03b48194399caa35aa5 < 345fc8d1838f3f8be7c8ed08d86a13dedef67136

Linux 3c62be17d4f562f43fe1d03b48194399caa35aa5 < 70849d33130a2cf1d6010069ed200669c8651fbd

Timeline

  • Vulnerability published

  • Vulnerability Reserved
