CVE-2025-39888 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_pages and there is an offset, the oob is triggered. Add a loop termination condition to prevent overruns.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-23 | Updated 2025-09-29 | Assigner Linux

Product status

Default status

unaffected

3568a956932621cafadafc8b75fcf6dc06555105 (git) before 623719227b114d73a2cee45f1b343ced63ce09ec

affected

3568a956932621cafadafc8b75fcf6dc06555105 (git) before 9d81ba6d49a7457784f0b6a71046818b86ec7e44

affected

Default status

affected

6.16

affected

Any version before 6.16

unaffected

6.16.8 (semver)

unaffected

6.17 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/623719227b114d73a2cee45f1b343ced63ce09ec

git.kernel.org/...c/9d81ba6d49a7457784f0b6a71046818b86ec7e44

cve.org (CVE-2025-39888)

nvd.nist.gov (CVE-2025-39888)

Download JSON

help @ threatint.eu