What is CVE-2025-38677?

CVE-2025-38677 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10, classified as a Out-of-bounds Read flaw (CWE-125), affecting Linux kernel versions from 3.8 onward and patched in 5.4.297, 5.10.241, 5.15.190 and others. CVE-2025-38677 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-38677?

CVE-2025-38677 has a CVSS score of 7.1 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.

Is there a patch available for CVE-2025-38677?

Yes, CVE-2025-38677 has been patched. Fixed versions include 5.4.297, 5.10.241, 5.15.190 and others. If you are running Linux kernel 3.8 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-38677 actively exploited?

CVE-2025-38677 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Out-of-bounds Read (CWE-125)?

The product reads data past the end or before the beginning of the intended buffer. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/125.html

CVE-2025-38677

High

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x17e/0x800 mm/kasan/report.c:480 kasan_report+0x147/0x180 mm/kasan/report.c:593 data_blkaddr fs/f2fs/f2fs.h:3053 [inline] f2fs_data_blkaddr fs/f2fs/f2fs.h:3058 [inline] f2fs_get_dnode_of_data+0x1a09/0x1c40 fs/f2fs/node.c:855 f2fs_reserve_block+0x53/0x310 fs/f2fs/data.c:1195 prepare_write_begin fs/f2fs/data.c:3395 [inline] f2fs_write_begin+0xf39/0x2190 fs/f2fs/data.c:3594 generic_perform_write+0x2c7/0x910 mm/filemap.c:4112 f2fs_buffered_write_iter fs/f2fs/file.c:4988 [inline] f2fs_file_write_iter+0x1ec8/0x2410 fs/f2fs/file.c:5216 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x546/0xa90 fs/read_write.c:686 ksys_write+0x149/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf3/0x3d0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f The root cause is in the corrupted image, there is a dnode has the same node id w/ its inode, so during f2fs_get_dnode_of_data(), it tries to access block address in dnode at offset 934, however it parses the dnode as inode node, so that get_dnode_addr() returns 360, then it tries to access page address from 360 + 934 * 4 = 4096 w/ 4 bytes. To fix this issue, let's add sanity check for node id of all direct nodes during f2fs_get_dnode_of_data().

Package Linux Kernel

Published 2025-08-30

Last modified 2026-05-12

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

7.1

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Weakness type

CWE-125

CVE-2025-38677 is a Out-of-bounds Read vulnerability

What is Out-of-bounds Read?

The product reads data past the end or before the beginning of the intended buffer. Learn more on MITRE CWE

Affected versions

Linux kernel versions 3.8 and later are affected. Fixed in 5.4.297, 5.10.241, 5.15.190, 6.1.149, 6.6.103, 6.12.44, 6.16.4, 6.17 and their respective stable series.

Affected from

≥ 3.8

Fixed in

✓ 5.4.297 5.4.x ✓ 5.10.241 5.10.x ✓ 5.15.190 5.15.x ✓ 6.1.149 6.1.x ✓ 6.6.103 6.6.x ✓ 6.12.44 6.12.x ✓ 6.16.4 6.16.x ✓ 6.17

References

The following references provide additional information about CVE-2025-38677 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory
Debian Security
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Third Party Advisory
Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-032379.html
Kernel patch commit
https://git.kernel.org/stable/c/6b7784ea07e6aa044f74b39d6b5af5e28746fc81
Patch
Kernel patch commit
https://git.kernel.org/stable/c/77de19b6867f2740cdcb6c9c7e50d522b47847a4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/888aa660144bcb6ec07839da756ee46bfcf7fc53
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2025-38677

Severity High

CVSS score 7.1 / 10

CVSS version 3.1

Published 2025-08-30

Modified 2026-05-12

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2025-38677?

CVE-2025-38677 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10 , classified as an Out-of-bounds Read flaw (CWE-125) . It affects Linux kernel versions from 3.8 onward and has been patched in 5.4.297, 5.10.241, 5.15.190 and others. CVE-2025-38677 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2025-38677?

CVE-2025-38677 has a CVSS score of 7.1 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.
Is there a patch available for CVE-2025-38677?

Yes — CVE-2025-38677 has been patched. Fixed versions include 5.4.297, 5.10.241, 5.15.190 and others. If you are running Linux kernel 3.8 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-38677 actively exploited?

No — CVE-2025-38677 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Out-of-bounds Read (CWE-125)?

The product reads data past the end or before the beginning of the intended buffer. View CWE-125 on MITRE CWE →