Acknowledged
Created: Sep 4, 2025
Updated: Sep 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr[EOL][EOL]A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data()[EOL]when an inode had the INLINE_DATA_FL flag set but was missing the[EOL]system.data extended attribute.[EOL][EOL]Since this can happen due to a maiciouly fuzzed file system, we[EOL]shouldn't BUG, but rather, report it as a corrupted file system.[EOL][EOL]Add similar replacements of BUG_ON with EXT4_ERROR_INODE() ii[EOL]ext4_create_inline_data() and ext4_inline_data_truncate().
CREATE(Triage):(User=admin) [CVE-2025-38701 (https://nvd.nist.gov/vuln/detail/CVE-2025-38701)
