CVE-2025-38652

Name	CVE-2025-38652
Description	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $((102410241024)) \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touch /mnt/f2fs/file - truncate -s $((102410241024)) /mnt/f2fs/file - mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ -c /mnt/f2fs/file - mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ /mnt/f2fs/loop [16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123\xff\x01, 511, 0 - 3ffff [16937.192268] F2FS-fs (loop0): Failed to find devices If device path length equals to MAX_PATH_LEN, sbi->devs.path[] may not end up w/ null character due to path array is fully filled, So accidently, fields locate after path[] may be treated as part of device path, result in parsing wrong device path. struct f2fs_dev_info { ... char path[MAX_PATH_LEN]; ... }; Let's add one byte space for sbi->devs.path[] to store null character of device path string.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	vulnerable
	bullseye (security)	5.10.237-1	vulnerable
	bookworm	6.1.148-1	fixed
	bookworm (security)	6.1.147-1	vulnerable
	trixie	6.12.43-1	fixed
	trixie (security)	6.12.41-1	vulnerable
	forky	6.16.3-1	fixed
	sid	6.16.7-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
linux	source	bookworm	6.1.148-1
linux	source	trixie	6.12.43-1
linux	source	(unstable)	6.16.3-1

https://git.kernel.org/linus/5661998536af52848cc4d52a377e90368196edea (6.17-rc1)