CVE-2025-38204

jfs: fix array-index-out-of-bounds read in add_missing_indices

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into slot which can go from 0 to 127. Added a bound check for that error and return -EIO if the check fails. Also make jfs_readdir return with error if add_missing_indices returns with an error.

N/A

CVSS

Severity:

EPSS 0.02%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/81af4b34fd72d390d7f237c6a545cc6d09707956
https://git.kernel.org/stable/c/bfa4655d28f338e68d345aed80d19be7999bbce2
https://git.kernel.org/stable/c/44618bee303bed151ef3a525ff79fbd7689593b5
https://git.kernel.org/stable/c/c8399564a58fb6ea2ff21a6fd278417943cb51a5
https://git.kernel.org/stable/c/5dff41a86377563f7a2b968aae00d25b4ceb37c9

Frequently Asked Questions

What is the severity of CVE-2025-38204?: CVE-2025-38204 has not yet been assigned a CVSS score.
How to fix CVE-2025-38204?: To fix CVE-2025-38204, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38204 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-38204 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38204?: CVE-2025-38204 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.