CVE-2025-39735
📋 TL;DR
This CVE describes an integer overflow vulnerability in the Linux kernel's JFS filesystem extended attribute handling. When processing specially crafted extended attributes, an out-of-bounds read can occur, potentially leading to information disclosure or system instability. Systems using JFS filesystems with the affected Linux kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure leading to information leakage, potential privilege escalation if combined with other vulnerabilities, or kernel panic causing system crash.
Likely Case
Information disclosure from kernel memory, system instability, or denial of service through kernel panic.
If Mitigated
Limited impact if JFS filesystems are not in use or if access controls prevent malicious file uploads.
🎯 Exploit Status
Requires ability to create or modify files on JFS filesystem; local access needed
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 0beddc2a3f9b9cf7d8887973041e36c2d0fa3652, 16d3d36436492aa248b2d8045e75585ebcc2f34d, 3d6fd5b9c6acbc005e53d0211c7381f566babec1, 46e2c031aa59ea65128991cbca474bd5c0c2ecdb, 50afcee7011155933d8d5e8832f52eeee018cfd3
Vendor Advisory: https://git.kernel.org/stable/c/0beddc2a3f9b9cf7d8887973041e36c2d0fa3652
Restart Required: Yes
Instructions:
Update Linux kernel to patched version
Reboot system after kernel update
Verify kernel version after reboot
🔧 Temporary Workarounds
Disable JFS filesystem use
linuxAvoid using JFS filesystems until patched
# Check for JFS filesystems: mount | grep -i jfs
# Unmount JFS filesystems if possible: umount /path/to/jfs/mountpoint
Restrict filesystem access
linuxLimit who can create/modify files on JFS filesystems
# Set restrictive permissions: chmod 700 /jfs/mountpoint
# Use access control lists if needed
🧯 If You Can't Patch
- Avoid using JFS filesystems for untrusted data
- Implement strict file upload controls and validation for JFS-mounted directories
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if JFS filesystems are mounted: uname -r && mount | grep jfsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and contains the fix commits: uname -r && zgrep -i 'ea_get\|CVE-2025-39735' /proc/config.gz📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'ea_get: invalid extended attribute'
- Kernel panic or oops messages related to JFS or slab corruption
Network Indicators:
- No network indicators - local filesystem vulnerability
SIEM Query:
source="kernel" AND ("ea_get" OR "JFS" OR "slab-out-of-bounds")🔗 References
- https://git.kernel.org/stable/c/0beddc2a3f9b9cf7d8887973041e36c2d0fa3652
- https://git.kernel.org/stable/c/16d3d36436492aa248b2d8045e75585ebcc2f34d
- https://git.kernel.org/stable/c/3d6fd5b9c6acbc005e53d0211c7381f566babec1
- https://git.kernel.org/stable/c/46e2c031aa59ea65128991cbca474bd5c0c2ecdb
- https://git.kernel.org/stable/c/50afcee7011155933d8d5e8832f52eeee018cfd3
- https://git.kernel.org/stable/c/5263822558a8a7c0d0248d5679c2dcf4d5cda61f
- https://git.kernel.org/stable/c/78c9cbde8880ec02d864c166bcb4fe989ce1d95f
- https://git.kernel.org/stable/c/a8c31808925b11393a6601f534bb63bac5366bab
- https://git.kernel.org/stable/c/fdf480da5837c23b146c4743c18de97202fcab37
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
