CVE-2025-38204: In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must…

high7.1CVSS 3.1

AVLACLPRLUINSUCHINAH

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into slot which can go from 0 to 127. Added a bound check for that error and return -EIO if the check fails. Also make jfs_readdir return with error if add_missing_indices returns with an error.

Affected

18 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	linux	< linux 5.10.244-1 (bullseye)	linux 5.10.244-1 (bullseye)
linux	linux	—	—
linux	linux	>= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 81af4b34fd72d390d7f237c6a545cc6d09707956	81af4b34fd72d390d7f237c6a545cc6d09707956
linux	linux	>= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < bfa4655d28f338e68d345aed80d19be7999bbce2	bfa4655d28f338e68d345aed80d19be7999bbce2
linux	linux	>= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 44618bee303bed151ef3a525ff79fbd7689593b5	44618bee303bed151ef3a525ff79fbd7689593b5
linux	linux	>= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < c8399564a58fb6ea2ff21a6fd278417943cb51a5	c8399564a58fb6ea2ff21a6fd278417943cb51a5
linux	linux	>= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5dff41a86377563f7a2b968aae00d25b4ceb37c9	5dff41a86377563f7a2b968aae00d25b4ceb37c9
linux	linux_kernel	< 5.4.295	5.4.295
linux	linux_kernel	>= 0 < 5.10.244-1	5.10.244-1
linux	linux_kernel	>= 0 < 6.16.3-1	6.16.3-1
linux	linux_kernel	>= 0 < 5.15.0-156.166	5.15.0-156.166
linux	linux_kernel	>= 5.11 < 5.15.186	5.15.186
linux	linux_kernel	>= 5.16 < 6.15.4	6.15.4
linux	linux_kernel	>= 5.5 < 5.10.239	5.10.239
msrc	azl3_kernel_6.6.92.2-2_on_azure_linux_3.0	—	—
msrc	cbl2_kernel_5.10.78.1-1_on_cbl_mariner_2.0	—	—
msrc	cm1_kernel_5.10.60.1-1_on_cbl_mariner_1.0	—	—

CVSS provenance

nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

osv7.1HIGH