Slab Out-of-Bounds Write Vulnerability in Linux Kernel Affecting FUSE
CVE-2025-39888
What is CVE-2025-39888?
A vulnerability has been identified in the Linux kernel's FUSE subsystem, where a slab out-of-bounds write can occur in the 'fuse_dev_do_write' function. The issue arises when the amount of data to be retrieved exceeds the limit defined by the 'fc->max_pages' parameter and the retrieval also has an offset. Under these conditions the write can run past the end of the slab allocation, leading to severe memory corruption and instability. The vulnerability has been patched by introducing a loop termination condition that prevents the overrun. System administrators should apply the latest kernel updates to mitigate the risk associated with this vulnerability.
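The overrun condition described above, as an added user-space model that is not the kernel's code or part of the original advisory. It assumes 4 KiB pages, a slot array sized to max_pages, and a byte count already clamped to max_pages * PAGE_SIZE; all function and variable names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096u   /* assumption: 4 KiB pages */

/* Pages needed to cover `num` bytes that begin `offset` bytes into a page. */
static size_t pages_needed(size_t offset, size_t num)
{
    return (offset + num + PAGE_SIZE - 1) / PAGE_SIZE;
}

/*
 * Hypothetical model of a per-page fill loop (offset must be < PAGE_SIZE).
 * Returns how many array slots the loop would write. With bounded == 0 the
 * loop ends only when the bytes run out; with bounded != 0 it also ends once
 * `slots` entries are filled (the added termination condition).
 */
static size_t slots_written(size_t offset, size_t num, size_t slots, int bounded)
{
    size_t used = 0;

    while (num && (!bounded || used < slots)) {
        size_t chunk = PAGE_SIZE - offset;  /* room left in this page */
        if (chunk > num)
            chunk = num;
        used++;          /* stands in for storing one entry in the slab array */
        num -= chunk;
        offset = 0;      /* only the first page is partial */
    }
    return used;
}

int main(void)
{
    size_t max_pages = 32;                 /* constructed sample limit */
    size_t num = max_pages * PAGE_SIZE;    /* byte count clamped to the limit */
    size_t offset = 100;                   /* constructed in-page offset */

    printf("pages needed:     %zu\n", pages_needed(offset, num));
    printf("unbounded writes: %zu of %zu slots\n",
           slots_written(offset, num, max_pages, 0), max_pages);
    printf("bounded writes:   %zu of %zu slots\n",
           slots_written(offset, num, max_pages, 1), max_pages);
    return 0;
}
```

With a non-zero offset the first page is only partly used, so the same byte count spans one more page than the array has slots; the bounded loop stops at the last valid slot instead.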
Affected Version(s)
Linux 3568a956932621cafadafc8b75fcf6dc06555105 < 623719227b114d73a2cee45f1b343ced63ce09ec
Linux 3568a956932621cafadafc8b75fcf6dc06555105 < 9d81ba6d49a7457784f0b6a71046818b86ec7e44
Linux 6.16