Linux Kernel Vulnerability in ext4 Handling Symlink Inodes
CVE-2025-38220

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-38220?

A vulnerability has been identified in the Linux kernel's ext4 filesystem affecting the handling of symlink inodes. When processing a symlink inode from the orphan list during a truncation operation, a NULL pointer dereference may occur due to improper management of dirty folios in data journaling for regular files. This flaw can lead to a system crash, evidenced by error messages indicating a kernel NULL pointer dereference. To rectify this issue, it's essential to update the ext4_dirty_journalled_data() helper to only mark dirty the folios of regular files where appropriate operations are assigned, thus aligning with existing journaling logic.

Affected Version(s)

Linux d84c9ebdac1e39bc7b036c0c829ee8c1956edabc

References

https://git.kernel.org/stable/c/cf6a4c4ac7b6e3214f25df594...

https://git.kernel.org/stable/c/be5f3061a6f904e3674257879...

https://git.kernel.org/stable/c/d7af6eee8cd60f55aa8c5fe2b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Apr 16, 2025