Linux Kernel Vulnerability in ext4 File System
CVE-2025-38701

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38701?

A vulnerability exists in the ext4 file system of the Linux kernel where a BUG_ON trigger occurs if an inode has the INLINE_DATA_FL flag set but lacks the necessary system.data extended attribute. This flaw can be exploited through specially crafted filesystems, leading to improper error handling. Instead of crashing the system, the code should report the situation as a corrupted filesystem, ensuring more graceful error management and system stability.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8085a7324d8ec448c4a764af7853e19bbd64e17a

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1199a6399895f4767f0b9a68a6ff47c3f799b7c7

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7f322c12df7aeed1755acd3c6fab48c7807795fb

References

https://git.kernel.org/stable/c/8085a7324d8ec448c4a764af7...

https://git.kernel.org/stable/c/1199a6399895f4767f0b9a68a...

https://git.kernel.org/stable/c/7f322c12df7aeed1755acd3c6...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025