CVE-2025-39888 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-39888 PUBLISHED CVSS 9.300000190734863 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_pages and there is an offset, the oob is triggered. Add a loop termination condition to prevent overruns.

EPSS 0.02% · 4.7th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

4.7th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.16, 6.16, 6.16
Linux	Linux	3568a956932621cafadafc8b75fcf6dc06555105, 3568a956932621cafadafc8b75fcf6dc06555105, 6.16

Timeline

Jan 21, 1970 Security Advisory
Sep 23, 2025 EPSS Score
Sep 23, 2025 CVE Published
Sep 29, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 EPSS Score
Oct 6, 2025 Coalition ESS Score
Oct 12, 2025 EPSS Score
Oct 18, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Oct 27, 2025 Coalition ESS Score
Oct 31, 2025 EPSS Score

References

Open in Interactive Console →