Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

nilfs2: reject invalid file types when reading inodes

To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a block device. If the file type is not valid, treat it as a filesystem error.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.30, < 5.4.297 |
| Debian | Debian Linux | 11.0 |
References
- https://git.kernel.org/stable/c/1a5c204e175a78556b8ef1f7683249fa5197295a (Patch)
- https://git.kernel.org/stable/c/2cf0c4130bf340be3935d097a3dcbfefdcf65815 (Patch)
- https://git.kernel.org/stable/c/42cd46b3a8b1497b9258dc7ac445dbd6beb73e2f (Patch)
- https://git.kernel.org/stable/c/4aead50caf67e01020c8be1945c3201e8a972a27 (Patch)
- https://git.kernel.org/stable/c/79663a15a1c70ca84f86f2dbba07b423fe7d5d4f (Patch)
- https://git.kernel.org/stable/c/98872a934ea6a95985fb6a3655a78a5f0c114e82 (Patch)
- https://git.kernel.org/stable/c/bf585ee198bba4ff25b0d80a0891df4656cb0d08 (Patch)
- https://git.kernel.org/stable/c/dd298c0b889acd3ecaf48b6e840c9ab91882e342 (Patch)
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html (Third Party Advisory)
FAQ
What is CVE-2025-38663?
CVE-2025-38663 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and ...
How severe is CVE-2025-38663?
CVE-2025-38663 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-38663?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.