CVE-2025-39840

In the Linux kernel, the following vulnerability has been resolved:

audit: fix out-of-bounds read in audit_compare_dname_path()

When a watch on dir=/ is combined with an fsnotify event for a
single-character name directly under / (e.g., creating /a), an
out-of-bounds read can occur in audit_compare_dname_path().

The helper parent_len() returns 1 for “/”. In audit_compare_dname_path(),
when parentlen equals the full path length (1), the code sets p = path + 1
and pathlen = 1 – 1 = 0. The subsequent loop then dereferences
p[pathlen – 1] (i.e., p[-1]), causing an out-of-bounds read.

Fix this by adding a pathlen > 0 check to the while loop condition
to prevent the out-of-bounds access.

[PM: subject tweak, sign-off email fixes]

More information : https://git.kernel.org/stable/c/4540f1d23e7f387880ce46d11b5cd3f27248bf8d