CVE-2025-39878
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error The function move_dirty_folio_in_page_array() was created by commit ce80b76dd327 ("ceph: introduce ceph_process_folio_batch() method") by moving code from ceph_writepages_start() to this function. This new function is supposed to return an error code which is checked by the caller (now ceph_process_folio_batch()), and on error, the caller invokes redirty_page_for_writepage() and then breaks from the loop. However, the refactoring commit has gone wrong, and it by accident, it always returns 0 (= success) because it first NULLs the pointer and then returns PTR_ERR(NULL) which is always 0. This means errors are silently ignored, leaving NULL entries in the page array, which may later crash the kernel. The simple solution is to call PTR_ERR() before clearing the pointer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39878
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.15 (inc) to 6.16.8 (exc)
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a bug in the Linux kernel's Ceph filesystem code. A function called move_dirty_folio_in_page_array() was supposed to return an error code when something went wrong, but due to a coding mistake, it always returns success (0). This happens because the function clears a pointer before calling PTR_ERR(), which results in always returning 0. As a result, errors are ignored silently, leaving NULL entries in the page array. These NULL entries can later cause the kernel to crash.

Impact Analysis

This vulnerability can cause the Linux kernel to crash unexpectedly when using the Ceph filesystem. Kernel crashes can lead to system instability, data loss, downtime, and potentially impact the availability of services running on affected systems.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the Linux kernel to a version where the issue in ceph's move_dirty_folio_in_page_array() function has been fixed. This fix ensures that error codes are properly returned and handled, preventing kernel crashes. Until the update is applied, avoid using affected ceph functionality that triggers this code path if possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39878. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart