Updated: 2026-02-27 03:44:04.503358
Description:
In the Linux kernel, the following vulnerability has been resolved:

jfs: upper bound check of tree index in dbAllocAG

When computing the tree index in dbAllocAG, we never check if we are out of bounds relative to the size of the stree. This could happen in a scenario where the filesystem metadata are corrupted.

| Links | NIST | CIRCL | RHEL | Ubuntu |
| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | HIGH | 7.8 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Not Vulnerable | | 2026-02-07 04:44:09 | Not affected: this flaw exists only in the JFS filesystem code path (dbAllocAG) that is compiled whe... |
| CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2026-02-07 04:44:11 | Not affected. CVE-2025-38697 targets the JFS filesystem driver (dbAllocAG in fs/jfs/jfs_dmap.c), and... |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | | 2026-02-07 04:44:09 | Not affected: CVE-2025-38697 is confined to the JFS filesystem driver (dbAllocAG) and is only reacha... |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | | 2026-02-07 04:44:10 | Not affected: CVE-2025-38697 is confined to the JFS filesystem path (dbAllocAG in fs/jfs), which is ... |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | | 2026-02-07 04:44:11 | Not affected: CVE-2025-38697 is confined to the JFS filesystem path (dbAllocAG in fs/jfs), which is ... |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | | 2026-02-07 04:44:08 | Not affected: CVE-2025-38697 is confined to the JFS filesystem path (dbAllocAG in fs/jfs), which is ... |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Ignored | | 2026-03-06 16:33:24 | CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo... |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2026-02-07 04:44:08 | Not affected. CVE-2025-38697 targets the JFS filesystem driver (dbAllocAG in fs/jfs/jfs_dmap.c), and... |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | | 2026-02-07 04:44:08 | Not affected: CVE-2025-38697 is confined to the JFS filesystem driver (dbAllocAG) and is only reacha... |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.8 | HIGH | Not Vulnerable | | 2026-02-05 12:32:01 | Not affected: CVE-2025-38697 is confined to the JFS filesystem driver (dbAllocAG) and is only reacha... |