CVE-2025-71107 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 14
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
f2fs: ensure node page reads complete before f2fs_put_super() finishes
Xfstests generic/335, generic/336 sometimes crash with the following message:
F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
------------[ cut here ]------------
kernel BUG at fs/f2fs/super.c:1939!
Oops: invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages15 packages
▶CVEListV5linux/linux20872584b8c0b006c007da9588a272c9e28d2e18 — c3031cf2b61f1508662fc95ef9ad505cb0882a5f+5
Patches
🔴Vulnerability Details
3OSV▶
CVE-2025-71107: In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fs_put_super() finishes Xfstests ge↗2026-01-14
GHSA▶
GHSA-mcmw-vr9c-grh2: In the Linux kernel, the following vulnerability has been resolved:
f2fs: ensure node page reads complete before f2fs_put_super() finishes
Xfstests↗2026-01-14