Data Race and Null Pointer Dereference in Linux Kernel's jbd2 Component
CVE-2025-38337
What is CVE-2025-38337?
The jbd2 component in the Linux kernel has a vulnerability that manifests as a data race and a potential null pointer dereference within the jbd2_journal_dirty_metadata function. The issue arises because the transaction handle may still point to NULL at the moment the function dereferences it. This flaw, combined with missing data-race annotations on jh->b_modified, can lead to unexpected behavior during metadata journaling. System administrators and developers should ensure that the corresponding patch is applied to mitigate the associated risks.
Affected Version(s)
Linux 6e06ae88edae77379bef7c0cb7d3c2dd88676867 < 5c1a34ff5b0bfdfd2f9343aa9b08d25df618bac5
Linux 6e06ae88edae77379bef7c0cb7d3c2dd88676867
Linux 6e06ae88edae77379bef7c0cb7d3c2dd88676867 < 43d5e3bb5f1dcd91e30238ea0b59a5f77063f84e