| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025090452-CVE-2025-38698-e0e3@gregkh> Date: Thu, 4 Sep 2025 17:33:03 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38698: jfs: Regular file corruption check From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: jfs: Regular file corruption check The reproducer builds a corrupted file on disk with a negative i_size value. Add a check when opening this file to avoid subsequent operation failures. The Linux kernel CVE team has assigned CVE-2025-38698 to this issue. Affected and fixed versions =========================== Fixed in 5.4.297 with commit 9f896c3d0192241d6438be6963682ace8203f502 Fixed in 5.10.241 with commit 6bc86f1d7d5419d5b19483ba203ca0b760c41c51 Fixed in 5.15.190 with commit 9ad054cd2c4ca8c371e555748832aa217c41fc65 Fixed in 6.1.149 with commit 9605cb2ea38ba014d0e704cba0dbbb00593fa9fd Fixed in 6.6.103 with commit 78989af5bbf55a0cf1165b0fa73921bc02f1543b Fixed in 6.12.43 with commit 00462be586b33076f8b8023e7ba697deedc131db Fixed in 6.15.11 with commit fd9454b7710b28060faa49b041f8283c435721a3 Fixed in 6.16.2 with commit 02edcfda419168d9405bffe55f18ea9c1bf92366 Fixed in 6.17-rc1 with commit 2d04df8116426b6c7b9f8b9b371250f666a2a2fb Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38698 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/jfs/file.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/9f896c3d0192241d6438be6963682ace8203f502 https://git.kernel.org/stable/c/6bc86f1d7d5419d5b19483ba203ca0b760c41c51 https://git.kernel.org/stable/c/9ad054cd2c4ca8c371e555748832aa217c41fc65 https://git.kernel.org/stable/c/9605cb2ea38ba014d0e704cba0dbbb00593fa9fd https://git.kernel.org/stable/c/78989af5bbf55a0cf1165b0fa73921bc02f1543b https://git.kernel.org/stable/c/00462be586b33076f8b8023e7ba697deedc131db https://git.kernel.org/stable/c/fd9454b7710b28060faa49b041f8283c435721a3 https://git.kernel.org/stable/c/02edcfda419168d9405bffe55f18ea9c1bf92366 https://git.kernel.org/stable/c/2d04df8116426b6c7b9f8b9b371250f666a2a2fb
Powered by blists - more mailing lists