Null Pointer Dereference Vulnerability in JFS Module for Linux Kernel
CVE-2025-38203

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-38203?

A concurrency bug in the JFS module of the Linux kernel can lead to a null pointer dereference, potentially causing a kernel panic and system instability. This occurs when the bmap is set to NULL, which can be triggered under specific circumstances, particularly from workload interleavings or when executed through fuzzing techniques. This vulnerability can affect systems running the Linux kernel versions with JFS enabled, necessitating immediate updates and mitigations.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0d50231d473f89024158dc62624930de45d13718

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4a8cb9908b51500a76f5156423bd295df53bff89

References

https://git.kernel.org/stable/c/0d50231d473f89024158dc626...

https://git.kernel.org/stable/c/a9d41c925069c950e18160e12...

https://git.kernel.org/stable/c/4a8cb9908b51500a76f515642...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Apr 16, 2025