fkie_cve-2025-38663
Vulnerability from fkie_nvd
Published
2025-08-22 16:15
Modified
2025-08-28 15:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a block device. If the file type is not valid, treat it as a filesystem error.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1a5c204e175a78556b8ef1f7683249fa5197295a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2cf0c4130bf340be3935d097a3dcbfefdcf65815
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/42cd46b3a8b1497b9258dc7ac445dbd6beb73e2f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4aead50caf67e01020c8be1945c3201e8a972a27
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/79663a15a1c70ca84f86f2dbba07b423fe7d5d4f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/98872a934ea6a95985fb6a3655a78a5f0c114e82
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bf585ee198bba4ff25b0d80a0891df4656cb0d08
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dd298c0b889acd3ecaf48b6e840c9ab91882e342
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: reject invalid file types when reading inodes\n\nTo prevent inodes with invalid file types from tripping through the vfs\nand causing malfunctions or assertion failures, add a missing sanity check\nwhen reading an inode from a block device.  If the file type is not valid,\ntreat it as a filesystem error."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: rechaza tipos de archivo no v\u00e1lidos al leer inodos. Para evitar que los inodos con tipos de archivo no v\u00e1lidos se filtren en el sistema de archivos virtual (VFS) y provoquen fallos de funcionamiento o de aserci\u00f3n, se ha a\u00f1adido una comprobaci\u00f3n de depuraci\u00f3n al leer un inodo desde un dispositivo de bloque. Si el tipo de archivo no es v\u00e1lido, se considera un error del sistema de archivos."
    }
  ],
  "id": "CVE-2025-38663",
  "lastModified": "2025-08-28T15:15:57.607",
  "metrics": {},
  "published": "2025-08-22T16:15:41.590",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1a5c204e175a78556b8ef1f7683249fa5197295a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2cf0c4130bf340be3935d097a3dcbfefdcf65815"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/42cd46b3a8b1497b9258dc7ac445dbd6beb73e2f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4aead50caf67e01020c8be1945c3201e8a972a27"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/79663a15a1c70ca84f86f2dbba07b423fe7d5d4f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/98872a934ea6a95985fb6a3655a78a5f0c114e82"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bf585ee198bba4ff25b0d80a0891df4656cb0d08"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dd298c0b889acd3ecaf48b6e840c9ab91882e342"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.