CVE-2025-39842

Severity: Medium (CVSS 3.1 base score 5.5) · EPSS 5.1%
Published Sep 19, 2025 (9mo ago) · Modified Jun 17, 2026 (2w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: prevent release journal inode after journal shutdown

Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already been executed in ocfs2_dismount_volume(), so osb->journal must be NULL. Therefore, the following calltrace will inevitably fail when it reaches jbd2_journal_release_jbd_inode().

    ocfs2_dismount_volume()->
      ocfs2_delete_osb()->
        ocfs2_free_slot_info()->
          __ocfs2_free_slot_info()->
            evict()->
              ocfs2_evict_inode()->
                ocfs2_clear_inode()->
                  jbd2_journal_release_jbd_inode(osb->journal->j_journal,

Adding osb->journal checks will prevent null-ptr-deref during the above execution path.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 9

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.16 – <6.1.151
linux    linux_kernel   *         ≥6.2 – <6.6.105
linux    linux_kernel   *         ≥6.7 – <6.12.46
linux    linux_kernel   *         ≥6.13 – <6.16.6
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
debian   debian_linux   11.0      any

References 7

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • git.kernel.org https://git.kernel.org/stable/c/42c415c53ad2065088cc411d08925effa5b3d255
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/85e66331b60601d903cceaf8c10a234db863cd78
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e9188f66e94955431ddbe2cd1cdf8ff2bb486abf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f46e8ef8bb7b452584f2e75337b619ac51a7cadf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f4a917e6cd6c798f7adf39907f117fc754db1283
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/42c415c53ad2065088cc411d08925effa5b3d255
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/85e66331b60601d903cceaf8c10a234db863cd78
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e9188f66e94955431ddbe2cd1cdf8ff2bb486abf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f46e8ef8bb7b452584f2e75337b619ac51a7cadf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f4a917e6cd6c798f7adf39907f117fc754db1283
    Patch