CVE-2025-39888 — Out-of-bounds Write in Linux

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 94.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 23

Description

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_pages and there is an offset, the oob is triggered. Add a loop termination condition to prevent overruns.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel6.16 — 6.16.8+1

▶Debianlinux/linux_kernel< 6.16.8-1

▶CVEListV5linux/linux3568a956932621cafadafc8b75fcf6dc06555105 — 623719227b114d73a2cee45f1b343ced63ce09ec+2

▶debiandebian/linux< linux 6.16.8-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2025-39888: In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in f↗2025-09-23

▶

GHSA

GHSA-jgjw-jx49-6q8j: In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in↗2025-09-23

▶

📋Vendor Advisories

Red Hat

kernel: fuse: Block access to folio overlimit↗2025-09-23

▶

Debian

CVE-2025-39888: linux - In the Linux kernel, the following vulnerability has been resolved: fuse: Block...↗2025

▶