CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-39735

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended attribute" and calls print_hex_dump(). Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds INT_MAX (2,147,483,647). Then ea_size is clamped: int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); Although clamp_t aims to bound ea_size between 0 and 4110417968, the upper limit is treated as an int, causing an overflow above 2^31 - 1. This leads "size" to wrap around and become negative (-184549328). The "size" is then passed to print_hex_dump() (called "len" in print_hex_dump()), it is passed as type size_t (an unsigned type), this is then stored inside a variable called "int remaining", which is then assigned to "int linelen" which is then passed to hex_dump_to_buffer(). In print_hex_dump() the for loop, iterates through 0 to len-1, where len is 18446744073525002176, calling hex_dump_to_buffer() on each iteration: for (i = 0; i < len; i += rowsize) { linelen = min(remaining, rowsize); remaining -= rowsize; hex_dump_to_buffer(ptr + i, linelen, rowsize, groupsize, linebuf, sizeof(linebuf), ascii); ... } The expected stopping condition (i < len) is effectively broken since len is corrupted and very large. This eventually leads to the "ptr+i" being passed to hex_dump_to_buffer() to get closer to the end of the actual bounds of "ptr", eventually an out of bounds access is done in hex_dump_to_buffer() in the following for loop: for (j = 0; j < len; j++) { if (linebuflen < lx + 2) goto overflow2; ch = ptr[j]; ... } To fix this we should validate "EALIST_SIZE(ea_buf->xattr)" before it is utilised.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.3%

CVSS Severity

CVSS v3 Score 7.1

References

Products affected by CVE-2025-39735

Linux » Linux Kernel » Version: 4.19.325

cpe:2.3:o:linux:linux_kernel:4.19.325
Linux » Linux Kernel » Version: 5.10.231

cpe:2.3:o:linux:linux_kernel:5.10.231
Linux » Linux Kernel » Version: 5.10.232

cpe:2.3:o:linux:linux_kernel:5.10.232
Linux » Linux Kernel » Version: 5.10.233

cpe:2.3:o:linux:linux_kernel:5.10.233
Linux » Linux Kernel » Version: 5.10.234

cpe:2.3:o:linux:linux_kernel:5.10.234
Linux » Linux Kernel » Version: 5.10.235

cpe:2.3:o:linux:linux_kernel:5.10.235
Linux » Linux Kernel » Version: 5.15.174

cpe:2.3:o:linux:linux_kernel:5.15.174
Linux » Linux Kernel » Version: 5.15.175

cpe:2.3:o:linux:linux_kernel:5.15.175
Linux » Linux Kernel » Version: 5.15.176

cpe:2.3:o:linux:linux_kernel:5.15.176
Linux » Linux Kernel » Version: 5.15.177

cpe:2.3:o:linux:linux_kernel:5.15.177
Linux » Linux Kernel » Version: 5.15.178

cpe:2.3:o:linux:linux_kernel:5.15.178
Linux » Linux Kernel » Version: 5.15.179

cpe:2.3:o:linux:linux_kernel:5.15.179
Linux » Linux Kernel » Version: 5.4.287

cpe:2.3:o:linux:linux_kernel:5.4.287
Linux » Linux Kernel » Version: 5.4.288

cpe:2.3:o:linux:linux_kernel:5.4.288
Linux » Linux Kernel » Version: 5.4.289

cpe:2.3:o:linux:linux_kernel:5.4.289
Linux » Linux Kernel » Version: 5.4.290

cpe:2.3:o:linux:linux_kernel:5.4.290
Linux » Linux Kernel » Version: 5.4.291

cpe:2.3:o:linux:linux_kernel:5.4.291
Linux » Linux Kernel » Version: 6.1.120

cpe:2.3:o:linux:linux_kernel:6.1.120
Linux » Linux Kernel » Version: 6.1.121

cpe:2.3:o:linux:linux_kernel:6.1.121
Linux » Linux Kernel » Version: 6.1.122

cpe:2.3:o:linux:linux_kernel:6.1.122
Linux » Linux Kernel » Version: 6.1.123

cpe:2.3:o:linux:linux_kernel:6.1.123
Linux » Linux Kernel » Version: 6.1.124

cpe:2.3:o:linux:linux_kernel:6.1.124
Linux » Linux Kernel » Version: 6.1.125

cpe:2.3:o:linux:linux_kernel:6.1.125
Linux » Linux Kernel » Version: 6.1.126

cpe:2.3:o:linux:linux_kernel:6.1.126
Linux » Linux Kernel » Version: 6.1.127

cpe:2.3:o:linux:linux_kernel:6.1.127
Linux » Linux Kernel » Version: 6.1.128

cpe:2.3:o:linux:linux_kernel:6.1.128
Linux » Linux Kernel » Version: 6.1.129

cpe:2.3:o:linux:linux_kernel:6.1.129
Linux » Linux Kernel » Version: 6.1.130

cpe:2.3:o:linux:linux_kernel:6.1.130
Linux » Linux Kernel » Version: 6.1.131

cpe:2.3:o:linux:linux_kernel:6.1.131
Linux » Linux Kernel » Version: 6.1.132

cpe:2.3:o:linux:linux_kernel:6.1.132
Linux » Linux Kernel » Version: 6.1.133

cpe:2.3:o:linux:linux_kernel:6.1.133
Linux » Linux Kernel » Version: 6.11.11

cpe:2.3:o:linux:linux_kernel:6.11.11
Linux » Linux Kernel » Version: 6.12.10

cpe:2.3:o:linux:linux_kernel:6.12.10
Linux » Linux Kernel » Version: 6.12.11

cpe:2.3:o:linux:linux_kernel:6.12.11
Linux » Linux Kernel » Version: 6.12.12

cpe:2.3:o:linux:linux_kernel:6.12.12
Linux » Linux Kernel » Version: 6.12.13

cpe:2.3:o:linux:linux_kernel:6.12.13
Linux » Linux Kernel » Version: 6.12.14

cpe:2.3:o:linux:linux_kernel:6.12.14
Linux » Linux Kernel » Version: 6.12.16

cpe:2.3:o:linux:linux_kernel:6.12.16
Linux » Linux Kernel » Version: 6.12.17

cpe:2.3:o:linux:linux_kernel:6.12.17
Linux » Linux Kernel » Version: 6.12.18

cpe:2.3:o:linux:linux_kernel:6.12.18
Linux » Linux Kernel » Version: 6.12.19

cpe:2.3:o:linux:linux_kernel:6.12.19
Linux » Linux Kernel » Version: 6.12.2

cpe:2.3:o:linux:linux_kernel:6.12.2
Linux » Linux Kernel » Version: 6.12.20

cpe:2.3:o:linux:linux_kernel:6.12.20
Linux » Linux Kernel » Version: 6.12.21

cpe:2.3:o:linux:linux_kernel:6.12.21
Linux » Linux Kernel » Version: 6.12.3

cpe:2.3:o:linux:linux_kernel:6.12.3
Linux » Linux Kernel » Version: 6.12.4

cpe:2.3:o:linux:linux_kernel:6.12.4
Linux » Linux Kernel » Version: 6.12.5

cpe:2.3:o:linux:linux_kernel:6.12.5
Linux » Linux Kernel » Version: 6.12.6

cpe:2.3:o:linux:linux_kernel:6.12.6
Linux » Linux Kernel » Version: 6.12.7

cpe:2.3:o:linux:linux_kernel:6.12.7
Linux » Linux Kernel » Version: 6.12.8

cpe:2.3:o:linux:linux_kernel:6.12.8
Linux » Linux Kernel » Version: 6.12.9

cpe:2.3:o:linux:linux_kernel:6.12.9
Linux » Linux Kernel » Version: 6.13

cpe:2.3:o:linux:linux_kernel:6.13
Linux » Linux Kernel » Version: 6.13.1

cpe:2.3:o:linux:linux_kernel:6.13.1
Linux » Linux Kernel » Version: 6.13.2

cpe:2.3:o:linux:linux_kernel:6.13.2
Linux » Linux Kernel » Version: 6.13.3

cpe:2.3:o:linux:linux_kernel:6.13.3
Linux » Linux Kernel » Version: 6.13.4

cpe:2.3:o:linux:linux_kernel:6.13.4
Linux » Linux Kernel » Version: 6.13.5

cpe:2.3:o:linux:linux_kernel:6.13.5
Linux » Linux Kernel » Version: 6.13.6

cpe:2.3:o:linux:linux_kernel:6.13.6
Linux » Linux Kernel » Version: 6.13.7

cpe:2.3:o:linux:linux_kernel:6.13.7
Linux » Linux Kernel » Version: 6.13.8

cpe:2.3:o:linux:linux_kernel:6.13.8
Linux » Linux Kernel » Version: 6.13.9

cpe:2.3:o:linux:linux_kernel:6.13.9
Linux » Linux Kernel » Version: 6.14

cpe:2.3:o:linux:linux_kernel:6.14
Linux » Linux Kernel » Version: 6.6.64

cpe:2.3:o:linux:linux_kernel:6.6.64
Linux » Linux Kernel » Version: 6.6.65

cpe:2.3:o:linux:linux_kernel:6.6.65
Linux » Linux Kernel » Version: 6.6.66

cpe:2.3:o:linux:linux_kernel:6.6.66
Linux » Linux Kernel » Version: 6.6.67

cpe:2.3:o:linux:linux_kernel:6.6.67
Linux » Linux Kernel » Version: 6.6.68

cpe:2.3:o:linux:linux_kernel:6.6.68
Linux » Linux Kernel » Version: 6.6.69

cpe:2.3:o:linux:linux_kernel:6.6.69
Linux » Linux Kernel » Version: 6.6.70

cpe:2.3:o:linux:linux_kernel:6.6.70
Linux » Linux Kernel » Version: 6.6.71

cpe:2.3:o:linux:linux_kernel:6.6.71
Linux » Linux Kernel » Version: 6.6.72

cpe:2.3:o:linux:linux_kernel:6.6.72
Linux » Linux Kernel » Version: 6.6.73

cpe:2.3:o:linux:linux_kernel:6.6.73
Linux » Linux Kernel » Version: 6.6.74

cpe:2.3:o:linux:linux_kernel:6.6.74
Linux » Linux Kernel » Version: 6.6.75

cpe:2.3:o:linux:linux_kernel:6.6.75
Linux » Linux Kernel » Version: 6.6.76

cpe:2.3:o:linux:linux_kernel:6.6.76
Linux » Linux Kernel » Version: 6.6.77

cpe:2.3:o:linux:linux_kernel:6.6.77
Linux » Linux Kernel » Version: 6.6.78

cpe:2.3:o:linux:linux_kernel:6.6.78
Linux » Linux Kernel » Version: 6.6.79

cpe:2.3:o:linux:linux_kernel:6.6.79
Linux » Linux Kernel » Version: 6.6.80

cpe:2.3:o:linux:linux_kernel:6.6.80
Linux » Linux Kernel » Version: 6.6.81

cpe:2.3:o:linux:linux_kernel:6.6.81
Linux » Linux Kernel » Version: 6.6.83

cpe:2.3:o:linux:linux_kernel:6.6.83
Linux » Linux Kernel » Version: 6.6.84

cpe:2.3:o:linux:linux_kernel:6.6.84
Linux » Linux Kernel » Version: 6.6.85

cpe:2.3:o:linux:linux_kernel:6.6.85

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-39735

Products

Pricing

Contact Us