Out-of-bounds Read in kernel-64k-devel-matched | CVE-2025-39840

Threat Intelligence

0.02% (6^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Out-of-bounds Read vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-ALMALINUX10-KERNEL64KDEVELMATCHED-15037551
published20 Jan 2026
disclosed12 Jan 2026

Report a new vulnerability Found a mistake?

Introduced: 12 Jan 2026

CVE-2025-39840 (opens in a new tab) CWE-125 (opens in a new tab)

Amendment

The AlmaLinux security team deemed this advisory irrelevant for AlmaLinux:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-64k-devel-matched package and not the kernel-64k-devel-matched package as distributed by AlmaLinux.

In the Linux kernel, the following vulnerability has been resolved:

audit: fix out-of-bounds read in audit_compare_dname_path()

When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can occur in audit_compare_dname_path().

The helper parent_len() returns 1 for "/". In audit_compare_dname_path(), when parentlen equals the full path length (1), the code sets p = path + 1 and pathlen = 1 - 1 = 0. The subsequent loop then dereferences p[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read.

Fix this by adding a pathlen > 0 check to the while loop condition to prevent the out-of-bounds access.

[PM: subject tweak, sign-off email fixes]

Out-of-bounds Read The advisory has been revoked - it doesn't affect any version of package kernel-64k-devel-matched (opens in a new tab)