1. Home
  2. Vulnerabilities
  3. CVE-2025-38652
7.1
HIGH CVSS 3.1
CVE-2025-38652
f2fs: fix to avoid out-of-boundary access in devs.path
Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $((1024*1024*1024)) \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touch /mnt/f2fs/file - truncate -s $((1024*1024*1024)) /mnt/f2fs/file - mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ -c /mnt/f2fs/file - mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ /mnt/f2fs/loop [16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123\xff\x01, 511, 0 - 3ffff [16937.192268] F2FS-fs (loop0): Failed to find devices If device path length equals to MAX_PATH_LEN, sbi->devs.path[] may not end up w/ null character due to path array is fully filled, So accidently, fields locate after path[] may be treated as part of device path, result in parsing wrong device path. struct f2fs_dev_info { ... char path[MAX_PATH_LEN]; ... }; Let's add one byte space for sbi->devs.path[] to store null character of device path string.

INFO

Published Date :

Aug. 22, 2025, 4:15 p.m.

Last Modified :

Jan. 7, 2026, 5:36 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2025-38652 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
1 Debian debian_linux
: Total Affected Vendor : 2 | Products : 2
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
Solution
Update the Linux kernel to resolve an out-of-boundary access vulnerability in f2fs.
  • Update the Linux kernel to the latest version.
  • Apply the provided patch to the kernel source.
  • Recompile and install the modified kernel.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-38652.

URL Resource
https://git.kernel.org/stable/c/1b1efa5f0e878745e94a98022e8edc675a87d78e Patch
https://git.kernel.org/stable/c/1cf1ff15f262e8baf12201b270b6a79f9d119b2d Patch
https://git.kernel.org/stable/c/345fc8d1838f3f8be7c8ed08d86a13dedef67136 Patch
https://git.kernel.org/stable/c/3466721f06edff834f99d9f49f23eabc6b2cb78e Patch
https://git.kernel.org/stable/c/5661998536af52848cc4d52a377e90368196edea Patch
https://git.kernel.org/stable/c/666b7cf6ac9aa074b8319a2b68cba7f2c30023f0 Patch
https://git.kernel.org/stable/c/70849d33130a2cf1d6010069ed200669c8651fbd Patch
https://git.kernel.org/stable/c/755427093e4294ac111c3f9e40d53f681a0fbdaa Patch
https://git.kernel.org/stable/c/dc0172c74bd9edaee7bea2ebb35f3dbd37a8ae80 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-38652 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-38652 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-38652 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-38652 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 07, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
    Added CWE CWE-125
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.148 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.190 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.241 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.16 up to (excluding) 6.16.1 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.15.10 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.42 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.102 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 5.4.297
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/1b1efa5f0e878745e94a98022e8edc675a87d78e Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/1cf1ff15f262e8baf12201b270b6a79f9d119b2d Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/345fc8d1838f3f8be7c8ed08d86a13dedef67136 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/3466721f06edff834f99d9f49f23eabc6b2cb78e Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/5661998536af52848cc4d52a377e90368196edea Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/666b7cf6ac9aa074b8319a2b68cba7f2c30023f0 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/70849d33130a2cf1d6010069ed200669c8651fbd Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/755427093e4294ac111c3f9e40d53f681a0fbdaa Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/dc0172c74bd9edaee7bea2ebb35f3dbd37a8ae80 Types: Patch
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Types: Third Party Advisory
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Types: Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 03, 2025

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Added Reference https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 28, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/1cf1ff15f262e8baf12201b270b6a79f9d119b2d
    Added Reference https://git.kernel.org/stable/c/666b7cf6ac9aa074b8319a2b68cba7f2c30023f0
    Added Reference https://git.kernel.org/stable/c/dc0172c74bd9edaee7bea2ebb35f3dbd37a8ae80
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 22, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $((1024*1024*1024)) \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touch /mnt/f2fs/file - truncate -s $((1024*1024*1024)) /mnt/f2fs/file - mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ -c /mnt/f2fs/file - mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ /mnt/f2fs/loop [16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123\xff\x01, 511, 0 - 3ffff [16937.192268] F2FS-fs (loop0): Failed to find devices If device path length equals to MAX_PATH_LEN, sbi->devs.path[] may not end up w/ null character due to path array is fully filled, So accidently, fields locate after path[] may be treated as part of device path, result in parsing wrong device path. struct f2fs_dev_info { ... char path[MAX_PATH_LEN]; ... }; Let's add one byte space for sbi->devs.path[] to store null character of device path string.
    Added Reference https://git.kernel.org/stable/c/1b1efa5f0e878745e94a98022e8edc675a87d78e
    Added Reference https://git.kernel.org/stable/c/345fc8d1838f3f8be7c8ed08d86a13dedef67136
    Added Reference https://git.kernel.org/stable/c/3466721f06edff834f99d9f49f23eabc6b2cb78e
    Added Reference https://git.kernel.org/stable/c/5661998536af52848cc4d52a377e90368196edea
    Added Reference https://git.kernel.org/stable/c/70849d33130a2cf1d6010069ed200669c8651fbd
    Added Reference https://git.kernel.org/stable/c/755427093e4294ac111c3f9e40d53f681a0fbdaa
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 7.1
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact