Linux Kernel Vulnerability in gfs2 Exhash Directory Handling
CVE-2025-38710

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38710?

A vulnerability in the gfs2 component of the Linux kernel relates to improper validation of the i_depth for exhash directories. When a fuzzing test creates a scenario resulting in a depth value of zero, it leads to an undefined shift operation. This happens during the reading process of directories, where the incorrectly calculated depth can cause instability and potentially allow for further exploitation. The issue can be mitigated by ensuring depth values do not fall below the minimum threshold, which is determined based on the configuration during the mounting of the filesystem.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 53a0249d68a210c16e961b83adfa82f94ee0a53d

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9680c58675b82348ab84d387e4fa727f7587e1a0

References

https://git.kernel.org/stable/c/53a0249d68a210c16e961b83a...

https://git.kernel.org/stable/c/b5f46951e62377b6e406fadc1...

https://git.kernel.org/stable/c/9680c58675b82348ab84d387e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025