-
CVE-2025-39840
- EPSS 0.02%
- Veröffentlicht 19.09.2025 15:26:15
- Zuletzt bearbeitet 22.09.2025 21:23:01
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can occur in audit_compare_dname_path(). The helper parent_len() returns 1 for "/". In audit_compare_dname_path(), when parentlen equals the full path length (1), the code sets p = path + 1 and pathlen = 1 - 1 = 0. The subsequent loop then dereferences p[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read. Fix this by adding a pathlen > 0 check to the while loop condition to prevent the out-of-bounds access. [PM: subject tweak, sign-off email fixes]
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
9735a9dcc307427e7d6336c54171682f1bac9789
Version
e92eebb0d6116f942ab25dfb1a41905aa59472a8
Status
affected
Version <
4540f1d23e7f387880ce46d11b5cd3f27248bf8d
Version
e92eebb0d6116f942ab25dfb1a41905aa59472a8
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
6.14
Status
affected
Version <
6.14
Version
0
Status
unaffected
Version <=
6.16.*
Version
6.16.6
Status
unaffected
Version <=
*
Version
6.17-rc5
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.05 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|