Buffer Overflow Vulnerability in Linux Kernel Affecting Extended Attributes
CVE-2025-39735

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 18 April 2025

Summary

A vulnerability in the Linux kernel's handling of extended attributes can cause a buffer overflow because attribute sizes are not properly validated. In the function 'ea_get()', an integer overflow occurs when the size checks result in an excessively large size being used in subsequent processing. This flaw can cause memory access violations and, if exploited by an attacker, could lead to arbitrary code execution or system compromise. Users of affected Linux kernel versions should apply the necessary updates to mitigate this risk.

Affected Version(s)

Linux 6e39b681d1eb16f408493bf5023788b57f68998c < 3d6fd5b9c6acbc005e53d0211c7381f566babec1

Linux bbf3f1fd8a0ac7df1db36a9b9e923041a14369f2 < 50afcee7011155933d8d5e8832f52eeee018cfd3

Linux 27a93c45e16ac25a0e2b5e5668e2d1beca56a478 < 78c9cbde8880ec02d864c166bcb4fe989ce1d95f

Timeline

  • Vulnerability published

  • Vulnerability Reserved
