CVE-2025-38220
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-04

Last updated on: 2025-11-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace: <TASK> ext4_block_zero_page_range+0x30c/0x380 [ext4] ext4_truncate+0x436/0x440 [ext4] ext4_process_orphan+0x5d/0x110 [ext4] ext4_orphan_cleanup+0x124/0x4f0 [ext4] ext4_fill_super+0x262d/0x3110 [ext4] get_tree_bdev_flags+0x132/0x1d0 vfs_get_tree+0x26/0xd0 vfs_cmd_create+0x59/0xe0 __do_sys_fsconfig+0x4ed/0x6b0 do_syscall_64+0x82/0x170 ... This occurs when processing a symlink inode from the orphan list. The partial block zeroing code in the truncate path calls ext4_dirty_journalled_data() -> folio_mark_dirty(). The latter calls mapping->a_ops->dirty_folio(), but symlink inodes are not assigned an a_ops vector in ext4, hence the crash. To avoid this problem, update the ext4_dirty_journalled_data() helper to only mark the folio dirty on regular files (for which a_ops is assigned). This also matches the journaling logic in the ext4_symlink() creation path, where ext4_handle_dirty_metadata() is called directly.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-04
Last Modified
2025-11-18
Generated
2026-05-07
AI Q&A
2025-07-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38220
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a bug in the Linux kernel's ext4 filesystem where processing a symlink inode from the orphan list can cause a kernel crash due to a NULL pointer dereference. Specifically, the ext4_dirty_journalled_data() function calls folio_mark_dirty(), which calls a dirty_folio() operation that does not exist for symlink inodes because they lack an a_ops vector. This leads to a crash. The fix was to update ext4_dirty_journalled_data() to only mark folios dirty for regular files, which have the necessary a_ops vector, preventing the crash.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash (kernel NULL pointer dereference) when handling certain filesystem operations involving symlink inodes in ext4. Such crashes can lead to system instability, potential data loss, or denial of service as the system may become unresponsive or require a reboot.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version where the ext4_dirty_journalled_data() helper function has been fixed to only mark folios dirty on regular files. This prevents the NULL pointer dereference crash when processing symlink inodes from the orphan list. Applying the official patch or upgrading to a kernel version released after 2025-07-04 that includes this fix is recommended.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart