Linux Kernel Vulnerability in jfs Leading to Index Calculation Flaws
CVE-2025-38697

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38697?

A vulnerability exists in the Linux kernel's jfs filesystem where the tree index computation in the dbAllocAG function lacks proper upper bound checks. This oversight can be exploited, particularly in situations where the filesystem metadata is corrupted, potentially leading to unexpected behavior or crashes.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5bdb9553fb134fd52ec208a8b378120670f6e784

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1467a75819e41341cd5ebd16faa2af1ca3c8f4fe

References

https://git.kernel.org/stable/c/5bdb9553fb134fd52ec208a8b...

https://git.kernel.org/stable/c/a4f199203f79ca9cd7355799c...

https://git.kernel.org/stable/c/1467a75819e41341cd5ebd16f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025