CVE-2025-38663

nilfs2: reject invalid file types when reading inodes

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a block device. If the file type is not valid, treat it as a filesystem error.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/dd298c0b889acd3ecaf48b6e840c9ab91882e342
https://git.kernel.org/stable/c/2cf0c4130bf340be3935d097a3dcbfefdcf65815
https://git.kernel.org/stable/c/98872a934ea6a95985fb6a3655a78a5f0c114e82
https://git.kernel.org/stable/c/1a5c204e175a78556b8ef1f7683249fa5197295a
https://git.kernel.org/stable/c/bf585ee198bba4ff25b0d80a0891df4656cb0d08
https://git.kernel.org/stable/c/79663a15a1c70ca84f86f2dbba07b423fe7d5d4f
https://git.kernel.org/stable/c/42cd46b3a8b1497b9258dc7ac445dbd6beb73e2f
https://git.kernel.org/stable/c/4aead50caf67e01020c8be1945c3201e8a972a27

Frequently Asked Questions

What is the severity of CVE-2025-38663?
CVE-2025-38663 has not yet been assigned a CVSS score.
How to fix CVE-2025-38663?
To fix CVE-2025-38663, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38663 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38663 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38663?
CVE-2025-38663 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.