CVE-2025-38701
Published: Sep 4, 2025
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this can happen due to a maiciouly fuzzed file system, we shouldn't BUG, but rather, report it as a corrupted file system. Add similar replacements of BUG_ON with EXT4_ERROR_INODE() ii ext4_create_inline_data() and ext4_inline_data_truncate().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 67cf5b09a46f72e048501b84996f2f77bc42e947 - < 8085a7324d8ec448c4a764af7853e19bbd64e17aaffected 67cf5b09a46f72e048501b84996f2f77bc42e947 - < 1199a6399895f4767f0b9a68a6ff47c3f799b7c7affected 67cf5b09a46f72e048501b84996f2f77bc42e947 - < 7f322c12df7aeed1755acd3c6fab48c7807795fbaffected 67cf5b09a46f72e048501b84996f2f77bc42e947 - < 2817ac83cb4732597bf36853fe13ca616f4ee4e2affected 67cf5b09a46f72e048501b84996f2f77bc42e947 - < d960f4b793912f35e9d72bd9d1e90553063fcbf1+4 more versions |
Linux | Linux | affected 3.8unaffected 0 - < 3.8unaffected 5.4.297 - <= 5.4.*unaffected 5.10.241 - <= 5.10.*unaffected 5.15.190 - <= 5.15.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now