U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-38652 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $((1024*1024*1024)) \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touch /mnt/f2fs/file - truncate -s $((1024*1024*1024)) /mnt/f2fs/file - mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ -c /mnt/f2fs/file - mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ /mnt/f2fs/loop [16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123\xff\x01, 511, 0 - 3ffff [16937.192268] F2FS-fs (loop0): Failed to find devices If device path length equals to MAX_PATH_LEN, sbi->devs.path[] may not end up w/ null character due to path array is fully filled, So accidently, fields locate after path[] may be treated as part of device path, result in parsing wrong device path. struct f2fs_dev_info { ... char path[MAX_PATH_LEN]; ... }; Let's add one byte space for sbi->devs.path[] to store null character of device path string.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/1b1efa5f0e878745e94a98022e8edc675a87d78e kernel.org
https://git.kernel.org/stable/c/1cf1ff15f262e8baf12201b270b6a79f9d119b2d kernel.org
https://git.kernel.org/stable/c/345fc8d1838f3f8be7c8ed08d86a13dedef67136 kernel.org
https://git.kernel.org/stable/c/3466721f06edff834f99d9f49f23eabc6b2cb78e kernel.org
https://git.kernel.org/stable/c/5661998536af52848cc4d52a377e90368196edea kernel.org
https://git.kernel.org/stable/c/666b7cf6ac9aa074b8319a2b68cba7f2c30023f0 kernel.org
https://git.kernel.org/stable/c/70849d33130a2cf1d6010069ed200669c8651fbd kernel.org
https://git.kernel.org/stable/c/755427093e4294ac111c3f9e40d53f681a0fbdaa kernel.org
https://git.kernel.org/stable/c/dc0172c74bd9edaee7bea2ebb35f3dbd37a8ae80 kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-38652
NVD Published Date:
08/22/2025
NVD Last Modified:
08/28/2025
Source:
kernel.org