NULL Pointer Dereference in Linux Kernel CIFS Component
CVE-2025-39838

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
19 September 2025

What is CVE-2025-39838?

In the Linux kernel, a vulnerability exists in the CIFS (Common Internet File System) component, where a NULL pointer can be dereferenced due to improper checks during UTF16 conversion. The flaw occurs when NULL is passed to the function __cifs_sfu_make_node without appropriate validation. This oversight allows for potential crashes when it reaches the cifs_strndup_to_utf16 function. To resolve this issue, a patch has been implemented that introduces a check for a NULL 'src' parameter, returning early to prevent null pointer dereference and ensuring system stability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 41d3f256c6a5e41eb32b87168399c0facd512dc0 < 1f797f062b5cf13a1c2bcc23285361baaa7c9260

Linux 41d3f256c6a5e41eb32b87168399c0facd512dc0 < 3c26a8d30ed6b53a52a023ec537dc50a6d34a67a

Linux 41d3f256c6a5e41eb32b87168399c0facd512dc0 < 70bccd9855dae56942f2b18a08ba137bb54093a0

References

https://git.kernel.org/stable/c/1f797f062b5cf13a1c2bcc232...
https://git.kernel.org/stable/c/3c26a8d30ed6b53a52a023ec5...
https://git.kernel.org/stable/c/70bccd9855dae56942f2b18a0...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.