CVE-2025-38697 — Improper Validation of Array Index in Linux

CWE-129 — Improper Validation of Array Index CWE-787 — Out-of-bounds Write CWE-444 — HTTP Request Smuggling31 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 96.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 4

Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index in dbAllocAG, we never check if we are out of bounds realative to the size of the stree. This could happen in a scenario where the filesystem metadata are corrupted.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDlinux/linux_kernel2.6.12.1 — 5.4.297+8

▶Debianlinux/linux_kernel< 5.10.244-1+3

▶CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 — 5bdb9553fb134fd52ec208a8b378120670f6e784+9

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-323x-vj5p-jwh3: In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index↗2025-09-05

▶

CVEList

jfs: upper bound check of tree index in dbAllocAG↗2025-09-04

▶

OSV

CVE-2025-38697: In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index in↗2025-09-04

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-04

▶

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-03-04

▶

Ubuntu

Linux kernel (Xilinx) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (IBM) vulnerabilities↗2026-02-24

▶