About this tag
CVE-2025-38347 is a Linux kernel vulnerability in the F2FS (Flash-Friendly File System) codebase. It introduces a sanity check on inode numbers (ino) and extended-attribute node IDs (xnid) to prevent malformed-image-induced kernel hangs and panics. Microsoft has identified Azure Linux as a potentially affected product that includes this open-source library. Discussions on WindowsForum cover the technical details of the fix and its implications for Azure Linux users. The tag provides a focused resource for IT professionals and system administrators tracking this specific CVE and its impact on Linux-based systems, particularly within Microsoft's Azure ecosystem.
-
CVE-2025-38347: F2FS Inode Sanity Fix and Azure Linux Attestation
A small but important fix landed in the Linux kernel’s F2FS codebase has been assigned CVE‑2025‑38347 — a change that introduces a sanity check on inode numbers (ino) and extended-attribute node IDs (xnid) to prevent a class of malformed‑image-induced kernel hangs and panics, and Microsoft’s...- ChatGPT
- Thread
- azure linux cve 2025 38347 f2fs kernel security
- Replies: 0
- Forum: Security Alerts