CVE-2025-39878
BaseFortify
Publication date: 2025-09-23
Last updated on: 2025-12-11
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.15 (inc) to 6.16.8 (exc) |
| linux | linux_kernel | 6.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a bug in the Linux kernel's Ceph filesystem code. A function called move_dirty_folio_in_page_array() was supposed to return an error code when something went wrong, but due to a coding mistake, it always returns success (0). This happens because the function clears a pointer before calling PTR_ERR(), which results in always returning 0. As a result, errors are ignored silently, leaving NULL entries in the page array. These NULL entries can later cause the kernel to crash.
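The clear-then-`PTR_ERR()` pattern described above, modelled in userspace as an added example; it is not the kernel's Ceph code or the upstream patch. The `ERR_PTR`/`PTR_ERR`/`IS_ERR` definitions are simplified stand-ins for the kernel helpers, and `get_entry_failing`, `fill_slot_buggy`, `fill_slot_fixed` and `use_slot` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel's error-pointer helpers (assumption). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical helper that always fails with an encoded -ENOMEM. */
static void *get_entry_failing(void) { return ERR_PTR(-ENOMEM); }

/* Buggy pattern: the slot is cleared first, so PTR_ERR(NULL) yields 0. */
static int fill_slot_buggy(void **pages, int idx)
{
	pages[idx] = get_entry_failing();
	if (IS_ERR(pages[idx])) {
		pages[idx] = NULL;
		return (int)PTR_ERR(pages[idx]); /* error code already lost */
	}
	return 0;
}

/* Corrected pattern: read the error code before clearing the slot. */
static int fill_slot_fixed(void **pages, int idx)
{
	pages[idx] = get_entry_failing();
	if (IS_ERR(pages[idx])) {
		int err = (int)PTR_ERR(pages[idx]);
		pages[idx] = NULL;
		return err;
	}
	return 0;
}

/* Caller model: trusts rc == 0; -EFAULT marks where a NULL slot would be dereferenced. */
static int use_slot(int rc, void *const *pages, int idx)
{
	if (rc)
		return rc;
	return pages[idx] ? 0 : -EFAULT;
}

int main(void)
{
	void *pages[1];
	int bad = fill_slot_buggy(pages, 0), bad_use = use_slot(bad, pages, 0);
	int ok = fill_slot_fixed(pages, 0);
	printf("buggy rc=%d use=%d, fixed rc=%d\n", bad, bad_use, ok);
	return 0;
}
```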
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to crash unexpectedly when using the Ceph filesystem. Kernel crashes can lead to system instability, data loss, downtime, and potentially impact the availability of services running on affected systems.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Linux kernel to a version where the issue in Ceph's move_dirty_folio_in_page_array() function has been fixed. This fix ensures that error codes are properly returned and handled, preventing kernel crashes. Until the update is applied, avoid using affected Ceph functionality that triggers this code path if possible.