CVE-2025-39842
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-19

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: prevent release journal inode after journal shutdown Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already been executed in ocfs2_dismount_volume(), so osb->journal must be NULL. Therefore, the following calltrace will inevitably fail when it reaches jbd2_journal_release_jbd_inode(). ocfs2_dismount_volume()-> ocfs2_delete_osb()-> ocfs2_free_slot_info()-> __ocfs2_free_slot_info()-> evict()-> ocfs2_evict_inode()-> ocfs2_clear_inode()-> jbd2_journal_release_jbd_inode(osb->journal->j_journal, Adding osb->journal checks will prevent null-ptr-deref during the above execution path.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-19
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39842
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's ocfs2 filesystem involves a null pointer dereference. Specifically, after the journal shutdown function ocfs2_journal_shutdown() is called during volume dismount, the journal pointer (osb->journal) should be NULL. However, the code attempts to release the journal inode without checking if the journal pointer is NULL, leading to a potential null pointer dereference and failure in the calltrace. The fix involves adding checks to ensure osb->journal is not NULL before attempting to release the journal inode.

Impact Analysis

This vulnerability can cause a null pointer dereference in the Linux kernel's ocfs2 filesystem, which may lead to system crashes or instability when dismounting volumes. This could result in denial of service or data loss if the filesystem becomes corrupted or inaccessible due to the failure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39842. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart