CVE-2025-38697
Description
In the Linux kernel, the following vulnerability has been resolved:
jfs: upper bound check of tree index in dbAllocAG
When computing the tree index in dbAllocAG, we never check if we are out of bounds relative to the size of the stree. This could happen in a scenario where the filesystem metadata are corrupted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's JFS filesystem, dbAllocAG lacks an upper bound check on the tree index, leading to potential out-of-bounds access when metadata is corrupted.
Vulnerability
Overview
In the Linux kernel, the JFS filesystem's dbAllocAG function computes a tree index without verifying it against the size of the stree array. This missing upper bound check can cause an out-of-bounds read or write when the filesystem metadata is corrupted. The issue is present in the JFS allocation logic and can be triggered by specially crafted or corrupted on-disk structures [1].
Exploitation
Prerequisites
Exploitation requires an attacker to have the ability to corrupt JFS filesystem metadata, either through physical access, a compromised storage device, or by mounting a maliciously crafted filesystem image. No additional privileges beyond those needed to mount the filesystem are required, but the attacker must control or influence the on-disk data that dbAllocAG processes [1].
Impact
An out-of-bounds access resulting from this flaw could lead to system instability, denial of service, or potentially arbitrary code execution, depending on how the corrupted index is used by the kernel. The Linux kernel's memory safety mechanisms may mitigate some exploitation paths, but the severity is rated as High with a CVSS v3 of 7.8 [1].
Mitigation
Patches for this vulnerability have been committed to the Linux kernel stable tree. Users should update to a kernel version containing the fix, which introduces the missing upper bound check in dbAllocAG. The issue affects JFS filesystems and any system using the JFS driver with untrusted filesystem images [2][3][4].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
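The kind of bound check described above, sketched in user-space C as an added example; it is not the kernel's code or the committed patch. The struct and field names, the index formula and the 1365-entry tree size are assumptions chosen for illustration, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code: all names and sizes here are assumptions. */
#define STREE_SIZE 1365            /* nodes in a 4-ary tree: 1+4+16+64+256+1024 */

struct ctl_page { int8_t stree[STREE_SIZE]; };   /* stand-in for a control page */

struct ag_geometry {               /* fields read from untrusted on-disk metadata */
    int32_t agstart;               /* tree index of the first AG node */
    int32_t agwidth;               /* tree nodes per AG */
    int32_t agperlev;              /* AGs per control page (power of two) */
};

/* Compute the starting tree index for AG `agno`; 0 on success, -1 if the
 * metadata would place the index outside stree[]. */
int ag_tree_index(const struct ag_geometry *g, int32_t agno, int32_t *ti_out)
{
    if (agno < 0 || g->agperlev <= 0 || (g->agperlev & (g->agperlev - 1)))
        return -1;                 /* mask below only valid for powers of two */
    /* 64-bit arithmetic so a huge agwidth cannot wrap back into range */
    int64_t ti = (int64_t)g->agstart +
                 (int64_t)g->agwidth * (agno & (g->agperlev - 1));
    if (ti < 0 || ti >= STREE_SIZE)
        return -1;                 /* the upper (and lower) bound check */
    *ti_out = (int32_t)ti;
    return 0;
}

/* Read the AG's summary value only after the index has been validated. */
int ag_summary(const struct ctl_page *cp, const struct ag_geometry *g,
               int32_t agno, int8_t *val)
{
    int32_t ti;
    if (ag_tree_index(g, agno, &ti) != 0)
        return -1;                 /* caller treats this as corrupt metadata */
    *val = cp->stree[ti];
    return 0;
}

int main(void)
{
    static struct ctl_page cp;     /* constructed sample data */
    struct ag_geometry ok = { 341, 1, 128 }, bad = { 341, 4096, 128 };
    int8_t v;
    cp.stree[341 + 5] = 7;
    printf("ok=%d bad=%d\n", ag_summary(&cp, &ok, 5, &v), ag_summary(&cp, &bad, 5, &v));
    return 0;
}
```

Rejecting the index before the array access turns corrupted geometry into an error return instead of an out-of-bounds read.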
Affected products
- Linux/Linux v5 Range: 2.6.12
Patches
No patches discovered yet.
References
- git.kernel.org/stable/c/1467a75819e41341cd5ebd16faa2af1ca3c8f4fe (nvd: Patch)
- git.kernel.org/stable/c/173cfd741ad7073640bfb7e2344c2a0ee005e769 (nvd: Patch)
- git.kernel.org/stable/c/2dd05f09cc323018136a7ecdb3d1007be9ede27f (nvd: Patch)
- git.kernel.org/stable/c/30e19a884c0b11f33821aacda7e72e914bec26ef (nvd: Patch)
- git.kernel.org/stable/c/49ea46d9025aa1914b24ea957636cbe4367a7311 (nvd: Patch)
- git.kernel.org/stable/c/5bdb9553fb134fd52ec208a8b378120670f6e784 (nvd: Patch)
- git.kernel.org/stable/c/a4f199203f79ca9cd7355799ccb26800174ff093 (nvd: Patch)
- git.kernel.org/stable/c/c214006856ff52a8ff17ed8da52d50601d54f9ce (nvd: Patch)
- git.kernel.org/stable/c/c8ca21a2836993d7cb816668458e05e598574e55 (nvd: Patch)
- lists.debian.org/debian-lts-announce/2025/10/msg00007.html (nvd: Mailing List, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2025/10/msg00008.html (nvd: Mailing List, Third Party Advisory)
- cert-portal.siemens.com/productcert/html/ssa-032379.html (nvd)
News mentions
- Siemens SIMATIC (CISA ICS Advisories)