Uninitialized Pointer Dereference in Linux Kernel Affecting pNFS Functionality
CVE-2025-38691

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 September 2025

What is CVE-2025-38691?

A vulnerability in the Linux kernel's pNFS implementation can allow an uninitialized pointer dereference during the encoding of extents. Specifically, as the 'ext_tree_prepare_commit()' function attempts to reallocate memory to encode extents, it does so without initializing the 'layoutupdate_pages' page array, leading to potential access violations. This flaw may escalate when dealing with larger files, resulting in layout commits exceeding the maximum RPC size accepted by the server. The risks are particularly pronounced when many extents are involved, as the reallocation may continuously fall short, exacerbating the issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 34dc93c2fc04da0d01acf8a1660b4ab276208af7 < 579b85f893d9885162e1cabf99a4a088916e143e

Linux 34dc93c2fc04da0d01acf8a1660b4ab276208af7 < 2896f101110076ac6bf99d7aaf463d61e26f89dd

Linux 34dc93c2fc04da0d01acf8a1660b4ab276208af7 < 4f783333cbfa2ee7d4aa8e47f6bd1b3f77534fcf

References

https://git.kernel.org/stable/c/579b85f893d9885162e1cabf9...
https://git.kernel.org/stable/c/2896f101110076ac6bf99d7aa...
https://git.kernel.org/stable/c/4f783333cbfa2ee7d4aa8e47f...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.