CVE-2025-38065 - CVE | ByteOS Network

CVE Vulnerability Details :

CVE-2025-38065

PUBLISHED

More Info Official Page

Assigner-Linux

Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67

Published At-18 Jun, 2025 | 09:33

Updated At-03 Nov, 2025 | 17:33

▼CVE Numbering Authority (CNA)

orangefs: Do not truncate file size

In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size 'len' is used to store the result of i_size_read(), so making 'len' a size_t results in truncation to 4GiB on 32-bit systems.

Affected Products

Vendor

Linux Kernel Organization, Inc

Product

Repo

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Program Files

fs/orangefs/inode.c

Default Status

unaffected

Versions

Affected

From f7ab093f74bf638ed98fd1115f3efa17e308bb7f before ceaf195ed285b77791e29016ee6344b3ded609b3 (git)
From f7ab093f74bf638ed98fd1115f3efa17e308bb7f before 341e3a5984cf5761f3dab16029d7e9fb1641d5ff (git)
From f7ab093f74bf638ed98fd1115f3efa17e308bb7f before 5111227d7f1f57f6804666b3abf780a23f44fc1d (git)
From f7ab093f74bf638ed98fd1115f3efa17e308bb7f before 15602508ad2f923e228b9521960b4addcd27d9c4 (git)
From f7ab093f74bf638ed98fd1115f3efa17e308bb7f before 121f0335d91e46369bf55b5da4167d82b099a166 (git)
From f7ab093f74bf638ed98fd1115f3efa17e308bb7f before cd918ec24168fe08c6aafc077dd3b6d88364c5cf (git)
From f7ab093f74bf638ed98fd1115f3efa17e308bb7f before 2323b806221e6268a4e17711bc72e2fc87c191a3 (git)
From f7ab093f74bf638ed98fd1115f3efa17e308bb7f before 062e8093592fb866b8e016641a8b27feb6ac509d (git)

Vendor

Linux Kernel Organization, Inc

Product

Repo

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Program Files

fs/orangefs/inode.c

Default Status

affected

Versions

Affected

4.6

Unaffected

From 0 before 4.6 (semver)
From 5.4.294 through 5.4.* (semver)
From 5.10.238 through 5.10.* (semver)
From 5.15.185 through 5.15.* (semver)
From 6.1.141 through 6.1.* (semver)
From 6.6.93 through 6.6.* (semver)
From 6.12.31 through 6.12.* (semver)
From 6.14.9 through 6.14.* (semver)
From 6.15 through * (original_commit_for_fix)

References

Hyperlink	Resource
https://git.kernel.org/stable/c/ceaf195ed285b77791e29016ee6344b3ded609b3	N/A
https://git.kernel.org/stable/c/341e3a5984cf5761f3dab16029d7e9fb1641d5ff	N/A
https://git.kernel.org/stable/c/5111227d7f1f57f6804666b3abf780a23f44fc1d	N/A
https://git.kernel.org/stable/c/15602508ad2f923e228b9521960b4addcd27d9c4	N/A
https://git.kernel.org/stable/c/121f0335d91e46369bf55b5da4167d82b099a166	N/A
https://git.kernel.org/stable/c/cd918ec24168fe08c6aafc077dd3b6d88364c5cf	N/A
https://git.kernel.org/stable/c/2323b806221e6268a4e17711bc72e2fc87c191a3	N/A
https://git.kernel.org/stable/c/062e8093592fb866b8e016641a8b27feb6ac509d	N/A

Hyperlink: https://git.kernel.org/stable/c/ceaf195ed285b77791e29016ee6344b3ded609b3

Resource: N/A

Hyperlink: https://git.kernel.org/stable/c/341e3a5984cf5761f3dab16029d7e9fb1641d5ff

Resource: N/A

Hyperlink: https://git.kernel.org/stable/c/5111227d7f1f57f6804666b3abf780a23f44fc1d

Resource: N/A

Hyperlink: https://git.kernel.org/stable/c/15602508ad2f923e228b9521960b4addcd27d9c4

Resource: N/A

Hyperlink: https://git.kernel.org/stable/c/121f0335d91e46369bf55b5da4167d82b099a166

Resource: N/A

Hyperlink: https://git.kernel.org/stable/c/cd918ec24168fe08c6aafc077dd3b6d88364c5cf

Resource: N/A

Hyperlink: https://git.kernel.org/stable/c/2323b806221e6268a4e17711bc72e2fc87c191a3

Resource: N/A

Hyperlink: https://git.kernel.org/stable/c/062e8093592fb866b8e016641a8b27feb6ac509d

Resource: N/A

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	N/A
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html	N/A

Hyperlink: https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Resource: N/A

Hyperlink: https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Resource: N/A