CVE-2025-39888

Published: Sep 23, 2025Modified: Jan 14, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_pages and there is an offset, the oob is triggered. Add a loop termination condition to prevent overruns.

Affected (6)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.16 to 6.16.8
Linux Linux Kernel	Version 6.17 rc1
Linux Linux Kernel	Version 6.17 rc2
Linux Linux Kernel	Version 6.17 rc3
Linux Linux Kernel	Version 6.17 rc4
Linux Linux Kernel	Version 6.17 rc5

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://git.kernel.org/stable/c/623719227b114d73a2cee45f1b343ced63ce09ec

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/9d81ba6d49a7457784f0b6a71046818b86ec7e44

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.