CVE-2025-38697

HIGH

Linux Kernel < 5.4.297 - Improper Array Index Validation

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index in dbAllocAG, we never check if we are out of bounds realative to the size of the stree. This could happen in a scenario where the filesystem metadata are corrupted.

References (11)

[Patch] https://git.kernel.org/stable/c/1467a75819e41341cd5ebd16faa2af1ca3c8f4fe

[Patch] https://git.kernel.org/stable/c/173cfd741ad7073640bfb7e2344c2a0ee005e769

[Patch] https://git.kernel.org/stable/c/2dd05f09cc323018136a7ecdb3d1007be9ede27f

[Patch] https://git.kernel.org/stable/c/30e19a884c0b11f33821aacda7e72e914bec26ef

[Patch] https://git.kernel.org/stable/c/49ea46d9025aa1914b24ea957636cbe4367a7311

[Patch] https://git.kernel.org/stable/c/5bdb9553fb134fd52ec208a8b378120670f6e784

[Patch] https://git.kernel.org/stable/c/a4f199203f79ca9cd7355799ccb26800174ff093

[Patch] https://git.kernel.org/stable/c/c214006856ff52a8ff17ed8da52d50601d54f9ce

[Patch] https://git.kernel.org/stable/c/c8ca21a2836993d7cb816668458e05e598574e55

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 3.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-129

Status published

Products (31)

debian/debian_linux 11.0

linux/Kernel 2.6.12 - 5.4.297linux

linux/Kernel 5.11.0 - 5.15.190linux

linux/Kernel 5.16.0 - 6.1.149linux

linux/Kernel 5.5.0 - 5.10.241linux

linux/Kernel 6.13.0 - 6.15.11linux

linux/Kernel 6.16.0 - 6.16.2linux

linux/Kernel 6.2.0 - 6.6.103linux

linux/Kernel 6.7.0 - 6.12.43linux

Linux/Linux < 2.6.12

... and 21 more

Published Sep 04, 2025

Tracked Since Feb 18, 2026