CVE-2025-38243
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-11-19
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's btrfs filesystem involves invalid inode pointer dereferences during log replay. Specifically, when the function read_one_inode() returns a NULL pointer, the code may incorrectly proceed to dereference this invalid pointer, leading to invalid memory access and causing the system to crash. The issue occurs in error handling paths where the code attempts to use an inode pointer without verifying it is valid.
How can this vulnerability impact me?
This vulnerability can cause the Linux system to crash due to invalid memory access when handling btrfs filesystem operations. Such crashes can lead to denial of service, potentially causing system instability or downtime.