[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-37738":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":21,"related":22,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":34,"epss":9,"epss_history":35,"metrics":36,"affected":43},"DEBIAN-CVE-2025-37738","In the Linux kernel, the following vulnerability has been resolved:  ext4: ignore xattrs past end  Once inside 'ext4_xattr_inode_dec_ref_all' we should ignore xattrs entries past the 'end' entry.  This fixes the following KASAN reported issue:  ================================================================== BUG: KASAN: slab-use-after-free in ext4_xattr_inode_dec_ref_all+0xb8c/0xe90 Read of size 4 at addr ffff888012c120c4 by task repro/2065  CPU: 1 UID: 0 PID: 2065 Comm: repro Not tainted 6.13.0-rc2+ #11 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 Call Trace:  \u003CTASK>  dump_stack_lvl+0x1fd/0x300  ? tcp_gro_dev_warn+0x260/0x260  ? _printk+0xc0/0x100  ? read_lock_is_recursive+0x10/0x10  ? irq_work_queue+0x72/0xf0  ? __virt_addr_valid+0x17b/0x4b0  print_address_description+0x78/0x390  print_report+0x107/0x1f0  ? __virt_addr_valid+0x17b/0x4b0  ? __virt_addr_valid+0x3ff/0x4b0  ? __phys_addr+0xb5/0x160  ? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90  kasan_report+0xcc/0x100  ? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90  ext4_xattr_inode_dec_ref_all+0xb8c/0xe90  ? ext4_xattr_delete_inode+0xd30/0xd30  ? __ext4_journal_ensure_credits+0x5f0/0x5f0  ? __ext4_journal_ensure_credits+0x2b/0x5f0  ? inode_update_timestamps+0x410/0x410  ext4_xattr_delete_inode+0xb64/0xd30  ? ext4_truncate+0xb70/0xdc0  ? ext4_expand_extra_isize_ea+0x1d20/0x1d20  ? __ext4_mark_inode_dirty+0x670/0x670  ? ext4_journal_check_start+0x16f/0x240  ? ext4_inode_is_fast_symlink+0x2f2/0x3a0  ext4_evict_inode+0xc8c/0xff0  ? ext4_inode_is_fast_symlink+0x3a0/0x3a0  ? do_raw_spin_unlock+0x53/0x8a0  ? ext4_inode_is_fast_symlink+0x3a0/0x3a0  evict+0x4ac/0x950  ? proc_nr_inodes+0x310/0x310  ? trace_ext4_drop_inode+0xa2/0x220  ? _raw_spin_unlock+0x1a/0x30  ? iput+0x4cb/0x7e0  do_unlinkat+0x495/0x7c0  ? try_break_deleg+0x120/0x120  ? 0xffffffff81000000  ? __check_object_size+0x15a/0x210  ? strncpy_from_user+0x13e/0x250  ? getname_flags+0x1dc/0x530  __x64_sys_unlinkat+0xc8/0xf0  do_syscall_64+0x65/0x110  entry_SYSCALL_64_after_hwframe+0x67/0x6f RIP: 0033:0x434ffd Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 8 RSP: 002b:00007ffc50fa7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 RAX: ffffffffffffffda RBX: 00007ffc50fa7e18 RCX: 0000000000434ffd RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 RBP: 00007ffc50fa7be0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffc50fa7e08 R14: 00000000004bbf30 R15: 0000000000000001  \u003C/TASK>  The buggy address belongs to the object at ffff888012c12000  which belongs to the cache filp of size 360 The buggy address is located 196 bytes inside of  freed 360-byte region [ffff888012c12000, ffff888012c12168)  The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12c12 head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x40(head|node=0|zone=0) page_type: f5(slab) raw: 0000000000000040 ffff888000ad7640 ffffea0000497a00 dead000000000004 raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 head: 0000000000000040 ffff888000ad7640 ffffea0000497a00 dead000000000004 head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 head: 0000000000000001 ffffea00004b0481 ffffffffffffffff 0000000000000000 head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected  Memory state around the buggy address:  ffff888012c11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ffff888012c12000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > ffff888012c12080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb                                            ^  ffff888012c12100: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc  ffff888012c12180: fc fc fc fc fc fc fc fc fc ---truncated---",null,[],[],[],[14],{"_key":15},"CVE-2025-37738",[17,19],{"_key":18},"DLA-4178-1",{"_key":20},"DLA-4193-1",[],[],"2025-05-01T13:15:52.383Z","2026-04-28T20:29:45.018618Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28],{"url":29,"sources":30,"tags":32},"https://security-tracker.debian.org/tracker/CVE-2025-37738",[31],"osv_debian",[33],"Advisory",[],[],[37],{"source":31,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":38,"cvss_v4_0":9},{"baseScore":39,"baseSeverity":9,"vectorString":40,"impactScore":41,"exploitabilityScore":42},7.8,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,4.6,[44,63],{"ecosystem":45,"name":46,"vendor":47,"product":46,"cpe_part":9,"purl_type":48,"purl_namespace":47,"purl_name":46,"source":9,"versions":49},"Debian","linux","debian","deb",[50,56,59,62],{"version":51,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":55,"fixed_in":9},"lt5_10_237_1",true,"ecosystem","5.10.237-1","excluding",{"version":57,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":58,"version_end_type":55,"fixed_in":9},"lt6_1_135_1","6.1.135-1",{"version":60,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":55,"fixed_in":9},"lt6_12_25_1","6.12.25-1",{"version":60,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":55,"fixed_in":9},{"ecosystem":45,"name":64,"vendor":47,"product":64,"cpe_part":9,"purl_type":48,"purl_namespace":47,"purl_name":64,"source":9,"versions":65},"linux-6.1",[66],{"version":67,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":68,"version_end_type":55,"fixed_in":9},"lt6_1_137_1~deb11u1","6.1.137-1~deb11u1"]