CVE-2025-37785: Out-of-bounds Read in Linux

CWE-125: Out-of-bounds Read | 104 documents | 7 sources

Severity
NVD: 7.1 HIGH
OSV: 8.8, 7.8, 5.9, 5.5, 4.7, 4.4

EPSS
0.1% (top 82.29%)

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: Apr 18
Latest update: Nov 19

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix OOB read when checking dotdot dir

Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted directory is removed).

ext4_empty_dir() assumes every ext4 directory contains at least '.' and '..' as directory entries in the first data block. It first loads the '.' dir entry, performs sanity checks by calling ext4_che

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (9 packages)

NVD | linux/linux_kernel | 2.6.19 | 5.10.236 | +6
Debian | linux/linux_kernel | < 5.10.237-1 | +3
Ubuntu | linux/linux_kernel | < 5.15.0-142.152 | +5
CVEListV5 | linux/linux | ac27a0ec112a089f1a5102bc8dffc79c8c815571 | 14da7dbecb430e35b5889da8dae7bef33173b351 | +9

Patches

🔴 Vulnerability Details (51)

OSV | linux-oracle vulnerabilities | 2025-11-19
OSV | linux-fips vulnerabilities | 2025-11-10
OSV | linux-raspi-5.4 vulnerabilities | 2025-11-07
OSV | linux-kvm vulnerabilities | 2025-10-30
OSV | linux-oracle-5.4 vulnerabilities | 2025-10-24

📋 Vendor Advisories (52)

Ubuntu | Linux kernel (Oracle) vulnerabilities | 2025-11-19
Ubuntu | Linux kernel (FIPS) vulnerabilities | 2025-11-10
Ubuntu | Linux kernel (Raspberry Pi) vulnerabilities | 2025-11-07
Ubuntu | Linux kernel (KVM) vulnerabilities | 2025-10-30
Ubuntu | Linux kernel (Oracle) vulnerabilities | 2025-10-24
CVE-2025-37785 — Out-of-bounds Read in Linux | cvebase