CVE-2025-38701

5.5 MEDIUM

📋 TL;DR

A Linux kernel vulnerability in the ext4 filesystem where a maliciously crafted filesystem image triggers a kernel panic (BUG_ON) when an inode has the INLINE_DATA_FL flag set but lacks the required system.data extended attribute. This affects systems using ext4 filesystems and can be exploited by mounting a malicious filesystem image. The vulnerability leads to denial of service through kernel panic.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches available in stable kernel trees
Operating Systems: Linux distributions using ext4 filesystem
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ext4 filesystem usage and ability to mount malicious filesystem images

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
🟠 Likely Case: Local denial of service through kernel panic when mounting a malicious filesystem image.
🟢 If Mitigated: System continues operation with filesystem corruption reported via EXT4_ERROR_INODE instead of crashing.

🌐 Internet-Facing: LOW - Requires mounting malicious filesystem, typically not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes with filesystem mount privileges could cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires creating and mounting a specially crafted ext4 filesystem image

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel stable releases containing commits 099b847ccc6c1ad2f805d13cfbcc83f5b6d4bc42 and related

Vendor Advisory: https://git.kernel.org/stable/c/099b847ccc6c1ad2f805d13cfbcc83f5b6d4bc42

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution vendor.
2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Restrict filesystem mounting

all

Limit ability to mount filesystems to trusted users only

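# Mode 700 leaves the binary usable by root only and also clears its setuid bit
chmod 700 /bin/mount
# ACL entry for one named account (trusted_user is a placeholder account name)
setfacl -m u:trusted_user:rwx /bin/mount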

🧯 If You Can't Patch

  • Implement strict access controls on mount command and filesystem image handling
  • Monitor for unexpected kernel panics and investigate mount operations

🔍 How to Verify

Check if Vulnerable:

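Check the kernel version and verify whether the patches are applied. The running kernel does not expose commit IDs: /proc/kallsyms lists symbol names and addresses, so searching it for 099b847ccc6c1ad2f805d13cfbcc83f5b6d4bc42 never matches and cannot confirm or rule out the fix. Compare the output of uname -r with the fixed kernel version listed by your distribution vendor instead.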

Check Version:

uname -r

Verify Fix Applied:

Run uname -r and compare the result with the patched kernel version published by your distribution vendor.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • EXT4-fs error messages indicating corrupted filesystem

Network Indicators:

  • None - local exploitation only

SIEM Query:

source="kernel" AND ("BUG:" OR "kernel panic" OR "EXT4-fs error")
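
The SIEM query above, written out as a triage over syslog lines; this is an added example, not part of the original advisory. It assumes the usual kernel message shapes `kernel BUG at <file>:<line>!` (which a bare "BUG:" term does not match) and `EXT4-fs error (device <dev>): ...`; the sample log lines, including the function and file names in them, are constructed.

```sh
#!/bin/sh
# Triage kernel log lines for the two outcomes described in this advisory:
#   CRASH      - BUG / panic lines (behaviour of an unpatched kernel)
#   CORRUPTION - "EXT4-fs error" lines (patched kernel reporting a bad filesystem)
# A loop device is tagged IMAGE because the trigger is a mounted image file.
triage_ext4_log() {
    awk '
    /EXT4-fs error/ {
        dev = "unknown"
        # Pull the device name out of "(device <name>)"
        if (match($0, /\(device [^)]+\)/))
            dev = substr($0, RSTART + 8, RLENGTH - 9)
        src = (dev ~ /^loop[0-9]+/) ? "IMAGE" : "DISK"
        printf "CORRUPTION %s %s\n", src, dev
        corruption++
        next
    }
    # BUG_ON is logged as "kernel BUG at ...", so match that as well as "BUG:"
    /kernel BUG at|BUG:|[Kk]ernel panic/ {
        print "CRASH"
        crash++
    }
    END { printf "SUMMARY crash=%d corruption=%d\n", crash, corruption }
    '
}

# Constructed sample input (not taken from a real system).
sample_log() {
    cat <<'EOF'
Jan 10 10:00:01 host kernel: EXT4-fs (loop0): mounted filesystem with ordered data mode.
Jan 10 10:00:02 host kernel: EXT4-fs error (device loop0): example_func:123: inode #12: comm cat: constructed sample message
Jan 10 10:05:00 host kernel: kernel BUG at fs/ext4/example.c:123!
Jan 10 10:05:00 host kernel: Kernel panic - not syncing: Fatal exception
Jan 10 10:06:00 host kernel: EXT4-fs error (device sda1): example_func:456: inode #99: comm ls: constructed sample message
Jan 10 10:07:00 host sshd[1]: Accepted publickey for user
EOF
}

sample_log | triage_ext4_log
```

On a live host, feed it the kernel log instead of the sample, for example `dmesg | triage_ext4_log`.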
