-

CVE-2025-38701

EPSS 0.05%
Veröffentlicht 04.09.2025 15:32:53
Zuletzt bearbeitet 05.09.2025 17:47:24
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr

A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data()
when an inode had the INLINE_DATA_FL flag set but was missing the
system.data extended attribute.

Since this can happen due to a maiciouly fuzzed file system, we
shouldn't BUG, but rather, report it as a corrupted file system.

Add similar replacements of BUG_ON with EXT4_ERROR_INODE() ii
ext4_create_inline_data() and ext4_inline_data_truncate().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 8085a7324d8ec448c4a764af7853e19bbd64e17a

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 1199a6399895f4767f0b9a68a6ff47c3f799b7c7

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 7f322c12df7aeed1755acd3c6fab48c7807795fb

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 2817ac83cb4732597bf36853fe13ca616f4ee4e2

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < d960f4b793912f35e9d72bd9d1e90553063fcbf1

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 81e7e2e7ba07e7c8cdce43ccad2f91adbc5a919c

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 279c87ef7b9da34f65c2e4db586e730b667a6fb9

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 8a6f89d42e61788605722dd9faf98797c958a7e5

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 099b847ccc6c1ad2f805d13cfbcc83f5b6d4bc42

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.149

Status unaffected

Version <= 6.6.*

Version 6.6.103

Status unaffected

Version <= 6.12.*

Version 6.12.43

Status unaffected

Version <= 6.15.*

Version 6.15.11

Status unaffected

Version <= 6.16.*

Version 6.16.2

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/8085a7324d8ec448c4a764af7853e19bbd64e17a

https://git.kernel.org/stable/c/1199a6399895f4767f0b9a68a6ff47c3f799b7c7

https://git.kernel.org/stable/c/7f322c12df7aeed1755acd3c6fab48c7807795fb

https://git.kernel.org/stable/c/2817ac83cb4732597bf36853fe13ca616f4ee4e2

https://git.kernel.org/stable/c/d960f4b793912f35e9d72bd9d1e90553063fcbf1

https://git.kernel.org/stable/c/81e7e2e7ba07e7c8cdce43ccad2f91adbc5a919c

https://git.kernel.org/stable/c/279c87ef7b9da34f65c2e4db586e730b667a6fb9

https://git.kernel.org/stable/c/8a6f89d42e61788605722dd9faf98797c958a7e5

https://git.kernel.org/stable/c/099b847ccc6c1ad2f805d13cfbcc83f5b6d4bc42

https://nvd.nist.gov/vuln/detail/CVE-2025-38701

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38701

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38701

EUVD