CVE-2025-39840

HIGH 7.1

audit: fix out-of-bounds read in audit_compare_dname_path()

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can occur in audit_compare_dname_path(). The helper parent_len() returns 1 for "/". In audit_compare_dname_path(), when parentlen equals the full path length (1), the code sets p = path + 1 and pathlen = 1 - 1 = 0. The subsequent loop then dereferences p[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read. Fix this by adding a pathlen > 0 check to the while loop condition to prevent the out-of-bounds access. [PM: subject tweak, sign-off email fixes]

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Sep 19, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

e92eebb0d6116f942ab25dfb1a41905aa59472a8 < 9735a9dcc307427e7d6336c54171682f1bac9789 e92eebb0d6116f942ab25dfb1a41905aa59472a8 < 4540f1d23e7f387880ce46d11b5cd3f27248bf8d

Linux / Linux

6.14

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/9735a9dcc307427e7d6336c54171682f1bac9789 git.kernel.org: https://git.kernel.org/stable/c/4540f1d23e7f387880ce46d11b5cd3f27248bf8d