VDB

CVE-2025-39840

CVE-2025-39840 PUBLISHED CVSS 7.099999904632568 HIGH

In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can occur in audit_compare_dname_path(). The helper parent_len() returns 1 for "/". In audit_compare_dname_path(), when parentlen equals the full path length (1), the code sets p = path + 1 and pathlen = 1 - 1 = 0. The subsequent loop then dereferences p[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read. Fix this by adding a pathlen > 0 check to the while loop condition to prevent the out-of-bounds access. [PM: subject tweak, sign-off email fixes]

EPSS 0.03% · 7.8th percentile

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score
0.03%
7.8th percentile

Affected Products

VendorProductVersions
LinuxLinuxe92eebb0d6116f942ab25dfb1a41905aa59472a8, e92eebb0d6116f942ab25dfb1a41905aa59472a8, 6.14
linuxlinux_kernel6.14, 6.14, 6.17

Exploit Intelligence

Timeline

  • Jan 21, 1970 Security Advisory
  • Sep 19, 2025 CVE Published
  • Sep 20, 2025 EPSS Score
  • Sep 27, 2025 EPSS Score
  • Oct 4, 2025 EPSS Score
  • Oct 4, 2025 Coalition ESS Score
  • Oct 6, 2025 Coalition ESS Score
  • Oct 10, 2025 Coalition ESS Score
  • Oct 11, 2025 EPSS Score
  • Oct 18, 2025 EPSS Score
  • Oct 25, 2025 EPSS Score
  • Nov 1, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›