CVE-2025-38243NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJul 9

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places where we call read_one_inode(), if we get a NULL pointer we end up jumping into an error path, or fallthrough in case of __add_inode_ref(), where we then do something like this: iput(&inode->vfs_inode); which results in an invalid inode pointer that triggers an invalid memory access, resulting in a crash. Fix this by making sure we don't do such

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel6.156.15.5+1
CVEListV5linux/linux0502d1127436a69b8c2e7cf309ae0ebff3332668401d098f92ea69d8a75f8b845daf343e511681ba+3
debiandebian/linux

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-3cjq-w2m7-3294: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places2025-07-09
OSV
CVE-2025-38243: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places wh2025-07-09

📋Vendor Advisories

2
Red Hat
kernel: btrfs: fix invalid inode pointer dereferences during log replay2025-07-09
Debian
CVE-2025-38243: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ...2025
CVE-2025-38243 — NULL Pointer Dereference in Linux | cvebase