CVE-2025-37858

5.5 MEDIUM

📋 TL;DR

An integer overflow in the Linux kernel's JFS filesystem code occurs when calculating allocation group sizes on 32-bit systems with large (>2TB) aggregates. This can cause filesystem corruption, kernel crashes, or potential security issues through malformed on-disk structures. It only affects systems using the JFS filesystem on 32-bit architectures with large storage volumes.

💻 Affected Systems

Products:
  • Linux kernel with JFS filesystem support
Versions: All versions before the fix commits (check specific kernel versions for backports)
Operating Systems: Linux distributions with JFS support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when: 1) Using JFS filesystem, 2) On 32-bit architecture, 3) With aggregates >2TB, 4) During filesystem extend operations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic or crash leading to system downtime, filesystem corruption resulting in data loss, potential privilege escalation if combined with other vulnerabilities.

🟠 Likely Case

Filesystem corruption during extend operations, system instability, data integrity issues.

🟢 If Mitigated

No impact if not using JFS filesystem or on 64-bit systems.

🌐 Internet-Facing: LOW - Requires local filesystem access and specific JFS configuration.
🏢 Internal Only: MEDIUM - Could affect internal servers using JFS with large volumes on 32-bit systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access, specific JFS configuration, and triggering filesystem extend operations. Primarily a stability/data integrity issue rather than direct security bypass.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing commits: 211ed8f5e39e61f9e4d18edd64ce8005a67a1b2a, 3d8a45f87010a802aa214bf39702ca9d99cbf3ba, 55edbf5dbf60a8195c21e92124c4028939ae16b2, 7ccf3b35274512b60ecb614e0637e76bd6f2d829, 7fcbf789629cdb9fbf4e2172ce31136cfed11e5e

Vendor Advisory: https://git.kernel.org/stable/c/211ed8f5e39e61f9e4d18edd64ce8005a67a1b2a

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Check if JFS filesystems are in use.
3. Reboot system to load new kernel.
4. Verify kernel version after reboot.

🔧 Temporary Workarounds

Avoid JFS on 32-bit systems

linux

Do not use the JFS filesystem on 32-bit systems with large storage volumes.

# Check mounted JFS filesystems
mount | grep jfs
# Check kernel architecture
uname -m

Migrate to 64-bit systems

linux

Use 64-bit Linux systems which are not affected by this integer overflow.

# Check current architecture
uname -m

🧯 If You Can't Patch

  • Avoid extending JFS filesystems on 32-bit systems
  • Migrate JFS data to a different filesystem (ext4, xfs, btrfs)

🔍 How to Verify

Check if Vulnerable:

Check if system is 32-bit and uses JFS filesystems:

uname -m | grep -q 'i[0-9]86\|armv[0-9]' && mount | grep -q jfs
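
The same exposure check as an added example (not part of the original advisory): it matches the filesystem type field exactly rather than any line containing "jfs", and applies the >2TB aggregate condition from the notes above. The function names and the sample mount table and sizes are constructed, the 32-bit machine list is illustrative, and 2 TB is assumed to mean 2 × 1024⁴ bytes.

```shell
#!/bin/sh
# Added example, not from the advisory: report JFS mounts that meet the
# exposure conditions (32-bit kernel, JFS, aggregate larger than 2 TB).
TWO_TB=2199023255552   # assumption: 2 TB taken as 2 * 1024^4 bytes

# True for 32-bit `uname -m` values. The list is illustrative, not exhaustive.
is_32bit_machine() {
    case "$1" in
        i[3-6]86|armv[0-7]*|mips|ppc|riscv32) return 0 ;;
        *) return 1 ;;
    esac
}

# exposed_jfs MACHINE MOUNTS_FILE SIZES_FILE
#   MOUNTS_FILE: /proc/mounts layout (device mountpoint fstype options ...)
#   SIZES_FILE:  "device bytes" per line, e.g. from `lsblk -blnpo NAME,SIZE`
# Prints "device mountpoint bytes" per exposed mount; returns 0 if any found.
exposed_jfs() {
    is_32bit_machine "$1" || return 1              # 64-bit: not affected
    awk -v limit="$TWO_TB" '
        FILENAME == ARGV[1] { size[$1] = $2; next }   # load device sizes
        $3 == "jfs" && size[$1] + 0 > limit + 0 {     # exact fstype match
            print $1, $2, size[$1]; hit = 1
        }
        END { exit (hit ? 0 : 1) }
    ' "$3" "$2"
}

# Constructed sample data: one 4 TiB JFS volume, one small JFS volume, and an
# ext4 mount whose path contains "jfs" (a plain `grep jfs` would match it).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/mounts" <<'EOF'
/dev/sdb1 /srv/archive jfs rw,relatime 0 0
/dev/sdc1 /srv/small jfs rw,relatime 0 0
/dev/sda2 /mnt/jfs-backup ext4 rw,relatime 0 0
EOF
    cat > "$dir/sizes" <<'EOF'
/dev/sdb1 4398046511104
/dev/sdc1 107374182400
/dev/sda2 4398046511104
EOF
    exposed_jfs i686 "$dir/mounts" "$dir/sizes"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo
```

On a live system, pass `$(uname -m)`, `/proc/mounts` and a file holding the output of `lsblk -blnpo NAME,SIZE` instead of the sample data.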

Check Version:

uname -r

Verify Fix Applied:

Check that the kernel version includes the fix commits or is newer than the patched version, and verify that no JFS corruption occurs during operations.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages related to JFS
  • Filesystem corruption errors in dmesg
  • JFS allocation errors

Network Indicators:

  • None - local filesystem issue

SIEM Query:

source="kernel" AND ("JFS" OR "jfs") AND ("panic" OR "corruption" OR "allocation")
