CVE-2025-39840

Published: Sep 19, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can occur in audit_compare_dname_path(). The helper parent_len() returns 1 for "/". In audit_compare_dname_path(), when parentlen equals the full path length (1), the code sets p = path + 1 and pathlen = 1 - 1 = 0. The subsequent loop then dereferences p[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read. Fix this by adding a pathlen > 0 check to the while loop condition to prevent the out-of-bounds access. [PM: subject tweak, sign-off email fixes]

Vendor	Product	Versions
Linux	Linux	affected `e92eebb0d6116f942ab25dfb1a41905aa59472a8 - < 9735a9dcc307427e7d6336c54171682f1bac9789` affected `e92eebb0d6116f942ab25dfb1a41905aa59472a8 - < 4540f1d23e7f387880ce46d11b5cd3f27248bf8d`
Linux	Linux	affected `6.14` unaffected `0 - < 6.14` unaffected `6.16.6 - <= 6.16.` unaffected `6.17 - <= `

References

https://git.kernel.org/stable/c/9735a9dcc307427e7d6336c54171682f1bac9789

https://git.kernel.org/stable/c/4540f1d23e7f387880ce46d11b5cd3f27248bf8d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-39840

Description

Affected Products

References