CVE-2025-39840Out-of-bounds Read in Linux

CWE-125Out-of-bounds Read6 documents6 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 94.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 19
Latest updateSep 22

Description

In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can occur in audit_compare_dname_path(). The helper parent_len() returns 1 for "/". In audit_compare_dname_path(), when parentlen equals the full path length (1), the code sets p = path + 1 and pathlen = 1 - 1 = 0. The subse

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

NVDlinux/linux_kernel6.146.16.6+1
Debianlinux/linux_kernel< 6.16.6-1
CVEListV5linux/linuxe92eebb0d6116f942ab25dfb1a41905aa59472a89735a9dcc307427e7d6336c54171682f1bac9789+2
debiandebian/linux< linux 6.16.6-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-cwjm-393v-32x2: In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=2025-09-22
OSV
CVE-2025-39840: In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/2025-09-19

📋Vendor Advisories

2
Red Hat
kernel: audit: fix out-of-bounds read in audit_compare_dname_path()2025-09-19
Debian
CVE-2025-39840: linux - In the Linux kernel, the following vulnerability has been resolved: audit: fix ...2025

💬Community

1
Bugzilla
CVE-2025-39840 kernel: audit: fix out-of-bounds read in audit_compare_dname_path()2025-09-19
CVE-2025-39840 — Out-of-bounds Read in Linux | cvebase