
CVE-2025-38579

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix KMSAN uninit-value in extent_info usage

KMSAN reported a use of uninitialized value in `__is_extent_mergeable()`
 and `__is_back_mergeable()` via the read extent tree path.

The root cause is that `get_read_extent_info()` only initializes three
fields (`fofs`, `blk`, `len`) of `struct extent_info`, leaving the
remaining fields uninitialized. This leads to undefined behavior
when those fields are accessed later, especially during
extent merging.

Fix it by zero-initializing the `extent_info` struct before population.
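The pattern described above, as an added example that is not the kernel's code: `struct demo_extent` is a simplified stand-in for `struct extent_info`, `extra` is a hypothetical field representing "the remaining fields", and stale stack contents are simulated with a fill byte so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for struct extent_info (assumption, not the kernel
 * definition). fofs, blk and len are the fields named in the advisory. */
struct demo_extent {
    unsigned int fofs;   /* start offset in the file */
    unsigned int blk;    /* start block address */
    unsigned int len;    /* length in blocks */
    unsigned int extra;  /* hypothetical: a field the filler never sets */
};

/* Pre-fix pattern: only three fields are populated. */
static void fill_partial(struct demo_extent *ei, unsigned int fofs,
                         unsigned int blk, unsigned int len)
{
    ei->fofs = fofs;
    ei->blk = blk;
    ei->len = len;
}

/* Post-fix pattern: zero the whole struct before population. */
static void fill_zeroed(struct demo_extent *ei, unsigned int fofs,
                        unsigned int blk, unsigned int len)
{
    memset(ei, 0, sizeof(*ei));
    fill_partial(ei, fofs, blk, len);
}

/* Merge check that also reads a field beyond the three populated ones. */
static int back_mergeable(const struct demo_extent *back,
                          const struct demo_extent *cur)
{
    if (back->extra != cur->extra)
        return 0;
    return back->fofs + back->len == cur->fofs &&
           back->blk + back->len == cur->blk;
}

/* Merge decision for two adjacent extents (constructed sample values).
 * stale_byte simulates whatever was left in memory before population. */
int merge_decision(int zero_first, int stale_byte)
{
    struct demo_extent back, cur;

    fill_zeroed(&back, 0, 100, 8);            /* existing tree entry */
    memset(&cur, stale_byte, sizeof(cur));    /* simulated leftover bytes */
    if (zero_first)
        fill_zeroed(&cur, 8, 108, 4);
    else
        fill_partial(&cur, 8, 108, 4);
    return back_mergeable(&back, &cur);
}
```

With the partial fill the merge decision follows the leftover bytes; with zero-initialization it is the same for every value of `stale_byte`.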

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor Linux
Product Linux
Default Status unaffected
Version < 08e8ab00a6d20d5544c932ee85a297d833895141
Version 94afd6d6e5253179c9b891d02081cc8355a11768
Status affected
Version < e68b751ec2b15d866967812c57cfdfc1eba6a269
Version 94afd6d6e5253179c9b891d02081cc8355a11768
Status affected
Version < dabfa3952c8e6bfe6414dbf32e8b6c5f349dc898
Version 94afd6d6e5253179c9b891d02081cc8355a11768
Status affected
Version < 44a79437309e0ee2276ac17aaedc71253af253a8
Version 94afd6d6e5253179c9b891d02081cc8355a11768
Status affected
Version < cc1615d5aba4f396cf412579928539a2b124c8a0
Version 94afd6d6e5253179c9b891d02081cc8355a11768
Status affected
Version < 01b6f5955e0008af6bc3a181310d2744bb349800
Version 94afd6d6e5253179c9b891d02081cc8355a11768
Status affected
Version < 154467f4ad033473e5c903a03e7b9bca7df9a0fa
Version 94afd6d6e5253179c9b891d02081cc8355a11768
Status affected
Vendor Linux
Product Linux
Default Status affected
Version 5.15
Status affected
Version < 5.15
Version 0
Status unaffected
Version <= 5.15.*
Version 5.15.190
Status unaffected
Version <= 6.1.*
Version 6.1.148
Status unaffected
Version <= 6.6.*
Version 6.6.102
Status unaffected
Version <= 6.12.*
Version 6.12.42
Status unaffected
Version <= 6.15.*
Version 6.15.10
Status unaffected
Version <= 6.16.*
Version 6.16.1
Status unaffected
Version <= *
Version 6.17-rc1
Status unaffected
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.089
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String