CVE-2025-38701

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38701
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38701.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38701
Downstream
Related
Published
2025-09-04T15:32:53.071Z
Modified
2026-03-20T12:42:59.198571Z
Summary
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: do not BUG when INLINEDATAFL lacks system.data xattr

A syzbot fuzzed image triggered a BUGON in ext4updateinlinedata() when an inode had the INLINEDATAFL flag set but was missing the system.data extended attribute.

Since this can happen due to a maiciouly fuzzed file system, we shouldn't BUG, but rather, report it as a corrupted file system.

Add similar replacements of BUGON with EXT4ERRORINODE() ii ext4createinlinedata() and ext4inlinedata_truncate().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38701.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
67cf5b09a46f72e048501b84996f2f77bc42e947
Fixed
8085a7324d8ec448c4a764af7853e19bbd64e17a
Fixed
1199a6399895f4767f0b9a68a6ff47c3f799b7c7
Fixed
7f322c12df7aeed1755acd3c6fab48c7807795fb
Fixed
2817ac83cb4732597bf36853fe13ca616f4ee4e2
Fixed
d960f4b793912f35e9d72bd9d1e90553063fcbf1
Fixed
81e7e2e7ba07e7c8cdce43ccad2f91adbc5a919c
Fixed
279c87ef7b9da34f65c2e4db586e730b667a6fb9
Fixed
8a6f89d42e61788605722dd9faf98797c958a7e5
Fixed
099b847ccc6c1ad2f805d13cfbcc83f5b6d4bc42

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38701.json"