CVE-2025-71184
BaseFortify
Publication date: 2026-01-31
Last updated on: 2026-03-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 2.6.39 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.6 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.66 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 2.6.39.1 (inc) to 6.6.130 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the Linux kernel's btrfs filesystem code during inode eviction. Specifically, when evicting an inode, the code attempts to set up tracing by fetching the root's ID. However, the root pointer can be NULL, which leads to a NULL dereference. The fix involves either setting the root_objectid to 0 if the root is NULL or moving the tracing setup after confirming the root is not NULL, allowing safe tracing even when root is NULL.
How can this vulnerability impact me? :
This vulnerability can cause a NULL pointer dereference in the Linux kernel, which may lead to a kernel crash or system instability when evicting inodes in the btrfs filesystem. This could result in denial of service or unexpected system behavior.