CVE-2025-39840

EUVD-2025-30360
In the Linux kernel, the following vulnerability has been resolved:

audit: fix out-of-bounds read in audit_compare_dname_path()

When a watch on dir=/ is combined with an fsnotify event for a
single-character name directly under / (e.g., creating /a), an
out-of-bounds read can occur in audit_compare_dname_path().

The helper parent_len() returns 1 for "/". In audit_compare_dname_path(),
when parentlen equals the full path length (1), the code sets p = path + 1
and pathlen = 1 - 1 = 0. The subsequent loop then dereferences
p[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read.

Fix this by adding a pathlen > 0 check to the while loop condition
to prevent the out-of-bounds access.

[PM: subject tweak, sign-off email fixes]
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.14 ≤
𝑥
< 6.16.6
linuxlinux_kernel
6.17:rc1
linuxlinux_kernel
6.17:rc2
linuxlinux_kernel
6.17:rc3
linuxlinux_kernel
6.17:rc4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.172-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-5
fixed
forky
7.0.7-1
fixed
sid
7.0.7-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.88-1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
kernel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-debug
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-debug-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-debug-devel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-debug-devel-matched
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-debug-modules
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-debug-modules-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-debug-modules-extra
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-devel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-devel-matched
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-modules
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-modules-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-64k-modules-extra
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-abi-stablelists
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-debug
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-debug-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-debug-devel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-debug-devel-matched
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-debug-modules
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-debug-modules-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-debug-modules-extra
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-debug-uki-virt
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-devel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-devel-matched
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-doc
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-modules
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-modules-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-modules-extra
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-debug
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-debug-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-debug-devel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-debug-modules
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-debug-modules-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-debug-modules-extra
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-devel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-modules
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-modules-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-64k-modules-extra
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-debug
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-debug-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-debug-devel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-debug-modules
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-debug-modules-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-debug-modules-extra
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-devel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-modules
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-modules-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-rt-modules-extra
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-tools
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-tools-libs
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-tools-libs-devel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-uki-virt
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-uki-virt-addons
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-zfcpdump
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-zfcpdump-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-zfcpdump-devel
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-zfcpdump-devel-matched
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-zfcpdump-modules
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-zfcpdump-modules-core
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
kernel-zfcpdump-modules-extra
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
libperf
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
perf
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
python3-perf
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
rtla
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
rv
RHEL 9
0:5.14.0-611.20.1.el9_7
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/4540f1d23e7f387880ce46d11b5cd3f27248bf8d
https://git.kernel.org/stable/c/9735a9dcc307427e7d6336c54171682f1bac9789