{"id":"CVE-2025-38204","summary":"jfs: fix array-index-out-of-bounds read in add_missing_indices","details":"In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds read in add_missing_indices\n\nstbl is s8 but it must contain offsets into slot which can go from 0 to\n127.\n\nAdded a bound check for that error and return -EIO if the check fails.\nAlso make jfs_readdir return with error if add_missing_indices returns\nwith an error.","modified":"2026-03-20T12:42:44.722582Z","published":"2025-07-04T13:37:24.606Z","related":["CGA-4hpv-4j6j-g37f","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38204.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/44618bee303bed151ef3a525ff79fbd7689593b5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5dff41a86377563f7a2b968aae00d25b4ceb37c9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/81af4b34fd72d390d7f237c6a545cc6d09707956"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bfa4655d28f338e68d345aed80d19be7999bbce2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c8399564a58fb6ea2ff21a6fd278417943cb51a5"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38204.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38204"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"81af4b34fd72d390d7f237c6a545cc6d09707956"},{"fixed":"bfa4655d28f338e68d345aed80d19be7999bbce2"},{"fixed":"44618bee303bed151ef3a525ff79fbd7689593b5"},{"fixed":"c8399564a58fb6ea2ff21a6fd278417943cb51a5"},{"fixed":"5dff41a86377563f7a2b968aae00d25b4ceb37c9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38204.json"}}],"schema_version":"1.7.5"}