5.5

CVE-2025-38701

ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr

In the Linux kernel, the following vulnerability has been resolved:

ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr

A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data()
when an inode had the INLINE_DATA_FL flag set but was missing the
system.data extended attribute.

Since this can happen due to a maiciouly fuzzed file system, we
shouldn't BUG, but rather, report it as a corrupted file system.

Add similar replacements of BUG_ON with EXT4_ERROR_INODE() ii
ext4_create_inline_data() and ext4_inline_data_truncate().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.8 < 5.4.297
LinuxLinux Kernel Version >= 5.5 < 5.10.241
LinuxLinux Kernel Version >= 5.11 < 5.15.190
LinuxLinux Kernel Version >= 5.16 < 6.1.149
LinuxLinux Kernel Version >= 6.2 < 6.6.103
LinuxLinux Kernel Version >= 6.7 < 6.12.43
LinuxLinux Kernel Version >= 6.13 < 6.15.11
LinuxLinux Kernel Version >= 6.16 < 6.16.2
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.06
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://git.kernel.org/stable/c/8085a7324d8ec448c4a764af7853e19bbd64e17a
Patch
https://git.kernel.org/stable/c/1199a6399895f4767f0b9a68a6ff47c3f799b7c7
Patch
https://git.kernel.org/stable/c/7f322c12df7aeed1755acd3c6fab48c7807795fb
Patch
https://git.kernel.org/stable/c/2817ac83cb4732597bf36853fe13ca616f4ee4e2
Patch
https://git.kernel.org/stable/c/d960f4b793912f35e9d72bd9d1e90553063fcbf1
Patch
https://git.kernel.org/stable/c/81e7e2e7ba07e7c8cdce43ccad2f91adbc5a919c
Patch
https://git.kernel.org/stable/c/279c87ef7b9da34f65c2e4db586e730b667a6fb9
Patch
https://git.kernel.org/stable/c/8a6f89d42e61788605722dd9faf98797c958a7e5
Patch
https://git.kernel.org/stable/c/099b847ccc6c1ad2f805d13cfbcc83f5b6d4bc42
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
Mailing List
https://cert-portal.siemens.com/productcert/html/ssa-032379.html
https://cert-portal.siemens.com/productcert/html/ssa-082556.html