AZL-65768

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65768.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-65768

Upstream

CVE-2025-38382

Published

2025-07-25T13:15:27Z

Modified

2026-04-01T05:20:38.714514Z

Summary

CVE-2025-38382 affecting package kernel for versions less than 6.6.104.2-1

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix iteration of extrefs during log replay

At __inodeaddref() when processing extrefs, if we jump into the next label we have an undefined value of victimname.len, since we haven't initialized it before we did the goto. This results in an invalid memory access in the next iteration of the loop since victimname.len was not initialized to the length of the name of the current extref.

Fix this by initializing victim_name.len with the current extref's name length.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38382

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.104.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65768.json"