CVE-2025-39840

HIGH EPSS 3.8%
Published Sep 19, 20259mo ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published Sep 19, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can occur in audit_compare_dname_path(). The helper parent_len() returns 1 for "/". In audit_compare_dname_path(), when parentlen equals the full path length (1), the code sets p = path + 1 and pathlen = 1 - 1 = 0. The subsequent loop then dereferences p[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read. Fix this by adding a pathlen > 0 check to the while loop condition to prevent the out-of-bounds access. [PM: subject tweak, sign-off email fixes]

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥6.14  –  <6.16.6
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/4540f1d23e7f387880ce46d11b5cd3f27248bf8d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9735a9dcc307427e7d6336c54171682f1bac9789
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/4540f1d23e7f387880ce46d11b5cd3f27248bf8d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9735a9dcc307427e7d6336c54171682f1bac9789
    Patch