Updated: 2026-02-27 03:44:04.503358
Description:
In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index in dbAllocAG, we never check if we are out of bounds realative to the size of the stree. This could happen in a scenario where the filesystem metadata are corrupted.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| RHEL 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2026-02-07 04:44:07 | Not affected: CVE-2025-38697 is confined to the JFS filesystem driver (dbAllocAG) and is only reacha... | |
| TuxCare 9.6 ESU | kernel | 5.14.0 | 7.8 | HIGH | Not Vulnerable | 2026-02-07 04:44:10 | Not affected: this flaw exists only in the JFS filesystem code path (dbAllocAG) that is compiled whe... | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Needs Triage | 2026-02-04 08:56:27 | ||
| Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Needs Triage | 2026-02-04 09:16:53 | ||
| Ubuntu 18.04 ELS | linux | 4.15.0 | 7.8 | HIGH | In Testing | 2026-03-06 16:40:24 | ||
| Ubuntu 20.04 ELS | linux | 5.4.0 | 7.8 | HIGH | Released | CLSA-2026:1772815097 | 2026-03-07 02:39:13 |