Description

In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can occur in audit_compare_dname_path(). The helper parent_len() returns 1 for "/". In audit_compare_dname_path(), when parentlen equals the full path length (1), the code sets p = path + 1 and pathlen = 1 - 1 = 0. The subsequent loop then dereferences p[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read. Fix this by adding a pathlen > 0 check to the while loop condition to prevent the out-of-bounds access. [PM: subject tweak, sign-off email fixes]

INFO

Published Date :

2025-09-19T15:26:15.596Z

Last Modified :

2026-01-14T19:23:12.172Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-39840 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-39840.

URL Resource
https://git.kernel.org/stable/c/4540f1d23e7f387880ce46d11b5cd3f27248bf8d cve-icon cve-icon
https://git.kernel.org/stable/c/9735a9dcc307427e7d6336c54171682f1bac9789 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025091902-CVE-2025-39840-bad6@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39840 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39840 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact