Invalid Pointer Dereference in Linux Kernel JFFS2 Implementation
CVE-2025-38328

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-38328?

A vulnerability in the JFFS2 (Journaling Flash File System 2) of the Linux kernel allows for an invalid pointer dereference due to inadequate verification of the jffs2_prealloc_raw_node_refs() function's execution result. This oversight can lead to null pointer dereferences during memory allocation, potentially causing system instability or crashes. Appropriate error handling measures have been introduced to resolve this issue in later versions.

Affected Version(s)

Linux 2f785402f39b96a077b6e62bf26164bfb8e0c980 < 7e860296d7808de1db175c1eda29f94a2955dcc4

Linux 2f785402f39b96a077b6e62bf26164bfb8e0c980

References

https://git.kernel.org/stable/c/7e860296d7808de1db175c1ed...

https://git.kernel.org/stable/c/d96e6451a8d0fe62492d4cc94...

https://git.kernel.org/stable/c/f41c625328777f9ad572901ba...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Apr 16, 2025