Out-of-Bounds Access Vulnerability in Linux Kernel's F2FS Filesystem
CVE-2025-38677
What is CVE-2025-38677?
This vulnerability in the Linux kernel's F2FS filesystem is an out-of-bounds access: a corrupted directory node (dnode) that carries the same node ID as its inode can lead to improper memory access. When f2fs_get_dnode_of_data() tries to access a block address in the dnode, it parses the dnode as an inode, so the access lands at a memory location outside the allowable bounds. The fix adds a sanity check on node IDs in f2fs_get_dnode_of_data() to prevent such erroneous accesses.
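The following user-space model is an added example, not the kernel's code or the upstream patch. It shows why a dnode carrying its inode's node ID pushes the address lookup past the end of the block, and how a node-ID check rejects it. The block layout, the SLOTS and INODE_HDR sizes, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model; sizes and names are constructed, not kernel values. */
#define SLOTS     16  /* 32-bit slots in one node block */
#define INODE_HDR  6  /* slots an inode spends on metadata before its addresses */

struct node_block {
    uint32_t slot[SLOTS];
    uint32_t nid;  /* footer: id of this node */
    uint32_t ino;  /* footer: id of the owning inode */
};

/* A block whose own id equals its owner's id is parsed as an inode. */
static int parsed_as_inode(const struct node_block *n) { return n->nid == n->ino; }

/* Slot an unchecked lookup would read for data offset `ofs` of a dnode. */
static size_t unchecked_slot(const struct node_block *n, size_t ofs)
{
    return (parsed_as_inode(n) ? INODE_HDR : 0) + ofs;
}

/* Checked lookup: 0 on success, -1 when the block must be treated as corrupted. */
static int get_block_addr(uint32_t ino, const struct node_block *dn, size_t ofs, uint32_t *addr)
{
    if (dn->nid == ino)  /* node-id sanity check: a dnode cannot be its own inode */
        return -1;
    if (ofs >= SLOTS)
        return -1;
    *addr = dn->slot[ofs];
    return 0;
}

/* Constructed sample block: slot i holds 1000 + i. */
static struct node_block sample_node(uint32_t nid, uint32_t ino)
{
    struct node_block n = { .nid = nid, .ino = ino };
    for (size_t i = 0; i < SLOTS; i++) n.slot[i] = 1000 + (uint32_t)i;
    return n;
}

int main(void)
{
    struct node_block good = sample_node(9, 5), bad = sample_node(5, 5);
    uint32_t a = 0;
    printf("good dnode: rc=%d\n", get_block_addr(5, &good, SLOTS - 1, &a));
    printf("bad dnode: unchecked slot %zu of %d, rc=%d\n",
           unchecked_slot(&bad, SLOTS - 1), SLOTS, get_block_addr(5, &bad, SLOTS - 1, &a));
    return 0;
}
```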
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6b7784ea07e6aa044f74b39d6b5af5e28746fc81