Linux Kernel Vulnerability Affecting NTFS3 File System Functions
CVE-2025-38167

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38167?

In the Linux kernel, a vulnerability was identified in the NTFS3 file system's handling of the hdr_first_de() function, which returns a pointer to a struct NTFS_DE. This pointer may be NULL, highlighting the need for a robust error handler to manage any potential NULL pointer dereferences. While error handling is already implemented in other calls to this function, enhancing these mechanisms will ensure more consistent error management across the system. This improvement is crucial for maintaining system stability and security, as it mitigates risks associated with mishandling pointer values.

Affected Version(s)

Linux 82cae269cfa953032fbb8980a7d554d60fb00b17 < 5390b3d4c6d41d05bb9149d094d504cbc9ea85bf

Linux 82cae269cfa953032fbb8980a7d554d60fb00b17 < 83cd0aa74793384dbdffc140500b200e9776a302

Linux 82cae269cfa953032fbb8980a7d554d60fb00b17 < 701340a25b1ad210e6b8192195be21fd3fcc22c7

References

https://git.kernel.org/stable/c/5390b3d4c6d41d05bb9149d09...

https://git.kernel.org/stable/c/83cd0aa74793384dbdffc1405...

https://git.kernel.org/stable/c/701340a25b1ad210e6b819219...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025