CVE-2025-37785
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's ext4 filesystem allows an out-of-bounds read when processing corrupted directories. Attackers able to mount malicious filesystems could trigger kernel crashes or potentially leak sensitive kernel memory. This affects all Linux systems using ext4 filesystems.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, denial of service, or potential information disclosure of kernel memory contents.
Likely Case
System crash or kernel panic when processing specially crafted filesystems, leading to denial of service.
If Mitigated
No impact if systems don't mount untrusted filesystems and have proper access controls.
🎯 Exploit Status
Found by syzkaller fuzzer. Requires ability to mount malicious filesystem. No public exploit code known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commit hashes: 14da7dbecb430e35b5889da8dae7bef33173b351, 52a5509ab19a5d3afe301165d9b5787bba34d842, 53bc45da8d8da92ec07877f5922b130562eb4b00, 89503e5eae64637d0fa2218912b54660effe7d93, ac28c5684c1cdab650a7e5065b19e91577d37a4b
Vendor Advisory: https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Restrict filesystem mounting
Limit who can mount filesystems using discretionary access controls or SELinux/AppArmor policies.
chmod 700 /bin/mount
setfacl -m u:root:rwx /bin/mount
Use alternative filesystems
Consider using XFS or Btrfs for untrusted filesystem sources where possible.
mkfs.xfs /dev/device
mkfs.btrfs /dev/device
🧯 If You Can't Patch
- Implement strict access controls on mount command and filesystem devices
- Monitor for unusual mount activity and kernel panic logs
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions. Vulnerable if using unpatched kernel with ext4 support.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel includes one of the fix commits: run uname -r, then check the kernel git log for the commit hashes.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN reports of use-after-free in __ext4_check_dir_entry
- System crashes during directory operations
Network Indicators:
- None - local filesystem vulnerability
SIEM Query:
source="kernel" AND ("KASAN" OR "use-after-free" OR "__ext4_check_dir_entry" OR "ext4_empty_dir")
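The log indicators above, as an added example that is not part of the original advisory: Python code that groups kernel log lines into KASAN reports and keeps only those whose faulting function or call trace names one of the two ext4 functions listed, which is narrower than the OR-based SIEM query. The log lines are constructed sample data; the offsets, addresses, task name and `example_driver_read` are placeholders.

```python
import re

# Function names the advisory lists as log indicators for this CVE.
EXT4_SYMBOLS = ("__ext4_check_dir_entry", "ext4_empty_dir")
KASAN_HEAD = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)")
FRAME = re.compile(r"^\s*\??\s*(?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]")

# Constructed sample log: offsets, addresses and example_driver_read are placeholders.
SAMPLE_LOG = """\
[  101.000001] ==================================================================
[  101.000002] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x10/0x20
[  101.000003] Read of size 2 at addr ffff888000000000 by task sample/100
[  101.000004] Call Trace:
[  101.000005]  __ext4_check_dir_entry+0x10/0x20
[  101.000006]  ext4_empty_dir+0x30/0x40
[  101.000007] ==================================================================
[  205.000001] ==================================================================
[  205.000002] BUG: KASAN: slab-out-of-bounds in example_driver_read+0x1a/0x40
[  205.000003] Call Trace:
[  205.000004]  example_driver_read+0x1a/0x40
[  205.000005] ==================================================================
""".splitlines()

def find_ext4_kasan_reports(lines):
    """Group kernel log lines into KASAN reports; return those touching ext4 dir checks."""
    reports, current = [], None
    for raw in lines:
        line = TIMESTAMP.sub("", raw, count=1)  # drop the "[  12.345678]" prefix
        head = KASAN_HEAD.search(line)
        if head:  # a "BUG: KASAN:" line opens a new report
            current = {"kind": head["kind"], "func": head["func"], "frames": []}
            reports.append(current)
        elif current is not None:
            if set(line.strip()) == {"="}:  # closing "=====" separator ends the report
                current = None
                continue
            frame = FRAME.match(line)
            if frame:  # stack frame of the form "func+0xOFF/0xLEN"
                current["frames"].append(frame["func"])
    return [r for r in reports
            if r["func"] in EXT4_SYMBOLS or any(f in EXT4_SYMBOLS for f in r["frames"])]

if __name__ == "__main__":
    for report in find_ext4_kasan_reports(SAMPLE_LOG):
        print(report["kind"], "in", report["func"], "via", report["frames"])
```

KASAN reports only appear on kernels built with KASAN enabled; on production kernels the remaining indicators are the panic and crash logs listed above.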
🔗 References
- https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351
- https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842
- https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00
- https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93
- https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b
- https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78
- https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b
- https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353
- https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html