CVE-2025-38222
published 2025-07-04CVE-2025-38222: In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
ext4: inline: fix len overflow in ext4_prepare_inline_data
When running the following code on an ext4 filesystem with inline_data
feature enabled, it will lead to the bug below.
fd = open("file1", O_RDWR | O_CREAT | O_TRUNC, 0666);
ftruncate(fd, 30);
pwrite(fd, "a", 1, (1UL EXT4_I(inode)->i_inline_size);
at ext4_write_inline_data.
Fix it by using a loff_t type for the len parameter in
ext4_prepare_inline_data instead of an unsigned int.
[ 44.545164] ------------[ cut here ]------------
[ 44.545530] kernel BUG at fs/ext4/inline.c:240!
[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI
[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb
[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100
[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49
[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216
[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006
[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738
[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000
[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738
[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000
[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0
[ 44.546523] PKRU: 55555554
[ 44.546523] Call Trace:
[ 44.546523]
[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0
[ 44.54652
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= f19d5870cbf72d4cb2a8e1f749dff97af99b071e < d3dfc60efd145df5324b99a244b0b05505cde29b | d3dfc60efd145df5324b99a244b0b05505cde29b |
| linux | linux | >= f19d5870cbf72d4cb2a8e1f749dff97af99b071e < 717414a8c083c376d4a8940a1230fe0c6ed4ee00 | 717414a8c083c376d4a8940a1230fe0c6ed4ee00 |
| linux | linux | >= f19d5870cbf72d4cb2a8e1f749dff97af99b071e < 9d1d1c5bf4fc1af76be154d3afb2acdbd89ec7d8 | 9d1d1c5bf4fc1af76be154d3afb2acdbd89ec7d8 |
| linux | linux | >= f19d5870cbf72d4cb2a8e1f749dff97af99b071e < cf5f319a2d8ab8238f8cf3a19463b9bff6420934 | cf5f319a2d8ab8238f8cf3a19463b9bff6420934 |
| linux | linux | >= f19d5870cbf72d4cb2a8e1f749dff97af99b071e < 26e09d18599da0adc543eabd300080daaeda6869 | 26e09d18599da0adc543eabd300080daaeda6869 |
| linux | linux | >= f19d5870cbf72d4cb2a8e1f749dff97af99b071e < 5766da2237e539f259aa0e5f3639ae37b44ca458 | 5766da2237e539f259aa0e5f3639ae37b44ca458 |
| linux | linux | >= f19d5870cbf72d4cb2a8e1f749dff97af99b071e < e80ee0263d88d77f2fd1927f915003a7066cbb50 | e80ee0263d88d77f2fd1927f915003a7066cbb50 |
| linux | linux | >= f19d5870cbf72d4cb2a8e1f749dff97af99b071e < 227cb4ca5a6502164f850d22aec3104d7888b270 | 227cb4ca5a6502164f850d22aec3104d7888b270 |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.35-1 | 6.12.35-1 |
| linux | linux_kernel | >= 0 < 6.12.35-1 | 6.12.35-1 |
| linux | linux_kernel | >= 0 < 5.15.0-156.166 | 5.15.0-156.166 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 3.8 < 5.4.295 | 5.4.295 |
| linux | linux_kernel | >= 5.11 < 5.15.186 | 5.15.186 |
| linux | linux_kernel | >= 5.16 < 6.1.142 | 6.1.142 |
| linux | linux_kernel | >= 5.5 < 5.10.239 | 5.10.239 |
| linux | linux_kernel | >= 6.13 < 6.15.4 | 6.15.4 |
| linux | linux_kernel | >= 6.2 < 6.6.95 | 6.6.95 |
| linux | linux_kernel | >= 6.7 < 6.12.35 | 6.12.35 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.6MEDIUM