CVE-2025-38698
Description
In the Linux kernel, the following vulnerability has been resolved:
jfs: Regular file corruption check
The reproducer builds a corrupted file on disk with a negative i_size value. Add a check when opening this file to avoid subsequent operation failures.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A flaw in JFS allows corrupted files with negative i_size to trigger operation failures; a check is added to detect such files on open.
Vulnerability
CVE-2025-38698 addresses a flaw in the Linux kernel's JFS (Journaled File System) implementation. The issue arises when a file on disk is corrupted to have a negative i_size value, which then leads to subsequent file operations failing. The official description states that the reproducer builds such a corrupted file, and the fix adds a check when opening the file to prevent these failures [1].
Exploitation
No special network access is required; an attacker with the ability to create or modify a disk image with a crafted JFS filesystem could trigger the condition. Without the patch, the kernel does not check for the negative i_size when the corrupted file is opened and proceeds with operations that may fail or cause unpredictable behavior.
Impact
The impact is limited to denial of service or operational failures on the affected system. The CVSS v3 base score of 5.5 (Medium) reflects the requirement for either physical or local access to mount the filesystem, and the potential for disruption of file system operations.
Mitigation
Siemens has listed its SIMATIC CN 4100 as an affected product and recommends updating to version V5.0 or later to remediate this and numerous other CVEs [1]. Linux kernel stable branches have been patched, as indicated by the kernel.org commit references.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Linux/Linux v5, Range: 2.6.12
Patches
No patches discovered yet.
References
- git.kernel.org/stable/c/00462be586b33076f8b8023e7ba697deedc131db (nvd, Patch)
- git.kernel.org/stable/c/02edcfda419168d9405bffe55f18ea9c1bf92366 (nvd, Patch)
- git.kernel.org/stable/c/2d04df8116426b6c7b9f8b9b371250f666a2a2fb (nvd, Patch)
- git.kernel.org/stable/c/6bc86f1d7d5419d5b19483ba203ca0b760c41c51 (nvd, Patch)
- git.kernel.org/stable/c/78989af5bbf55a0cf1165b0fa73921bc02f1543b (nvd, Patch)
- git.kernel.org/stable/c/9605cb2ea38ba014d0e704cba0dbbb00593fa9fd (nvd, Patch)
- git.kernel.org/stable/c/9ad054cd2c4ca8c371e555748832aa217c41fc65 (nvd, Patch)
- git.kernel.org/stable/c/9f896c3d0192241d6438be6963682ace8203f502 (nvd, Patch)
- git.kernel.org/stable/c/fd9454b7710b28060faa49b041f8283c435721a3 (nvd, Patch)
- lists.debian.org/debian-lts-announce/2025/10/msg00007.html (nvd, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2025/10/msg00008.html (nvd, Third Party Advisory)
- cert-portal.siemens.com/productcert/html/ssa-032379.html (nvd)
News mentions
- Siemens SIMATIC (CISA ICS Advisories)