{"id":"CVE-2025-38697","summary":"jfs: upper bound check of tree index in dbAllocAG","details":"In the Linux kernel, the following vulnerability has been resolved:\n\njfs: upper bound check of tree index in dbAllocAG\n\nWhen computing the tree index in dbAllocAG, we never check if we are\nout of bounds realative to the size of the stree.\nThis could happen in a scenario where the filesystem metadata are\ncorrupted.","modified":"2026-04-02T12:48:05.361508Z","published":"2025-09-04T15:32:49.848Z","related":["MGASA-2025-0234","MGASA-2025-0235","SUSE-SU-2025:03600-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38697.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1467a75819e41341cd5ebd16faa2af1ca3c8f4fe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/173cfd741ad7073640bfb7e2344c2a0ee005e769"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2dd05f09cc323018136a7ecdb3d1007be9ede27f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/30e19a884c0b11f33821aacda7e72e914bec26ef"},{"type":"WEB","url":"https://git.kernel.org/stable/c/49ea46d9025aa1914b24ea957636cbe4367a7311"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5bdb9553fb134fd52ec208a8b378120670f6e784"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a4f199203f79ca9cd7355799ccb26800174ff093"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c214006856ff52a8ff17ed8da52d50601d54f9ce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c8ca21a2836993d7cb816668458e05e598574e55"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38697.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38697"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"5bdb9553fb134fd52ec208a8b378120670f6e784"},{"fixed":"a4f199203f79ca9cd7355799ccb26800174ff093"},{"fixed":"1467a75819e41341cd5ebd16faa2af1ca3c8f4fe"},{"fixed":"49ea46d9025aa1914b24ea957636cbe4367a7311"},{"fixed":"173cfd741ad7073640bfb7e2344c2a0ee005e769"},{"fixed":"c8ca21a2836993d7cb816668458e05e598574e55"},{"fixed":"2dd05f09cc323018136a7ecdb3d1007be9ede27f"},{"fixed":"30e19a884c0b11f33821aacda7e72e914bec26ef"},{"fixed":"c214006856ff52a8ff17ed8da52d50601d54f9ce"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38697.json"}}],"schema_version":"1.7.5"}