CVE-2025-39835NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference25 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 96.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 16
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be found. However, a medium error from disk may also return ENODATA. At best, this medium error may escape to userspace as "attribute not found" when in fact it's an IO (disk) error. At worst, we may oops in xfs_attr_leaf_get() when we do: erro

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel5.95.10.242+6
Debianlinux/linux_kernel< 5.10.244-1+3
CVEListV5linux/linux07120f1abdff80f3d1351f733661abe28d609535157ddfb05961c68ab7d457a462822a698e4e4bf4+7

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
CVEList
xfs: do not propagate ENODATA disk errors into xattr code2025-09-16
GHSA
GHSA-x6rc-wf46-fv7m: In the Linux kernel, the following vulnerability has been resolved: xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR)2025-09-16
OSV
CVE-2025-39835: In the Linux kernel, the following vulnerability has been resolved: xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) ha2025-09-16

📋Vendor Advisories

21
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (AWS) vulnerabilities2026-03-23
CVE-2025-39835 — NULL Pointer Dereference in Linux | cvebase