CVE-2025-39842
EUVD-2025-3035819.09.2025, 16:15
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: prevent release journal inode after journal shutdown
Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already
been executed in ocfs2_dismount_volume(), so osb->journal must be NULL.
Therefore, the following calltrace will inevitably fail when it reaches
jbd2_journal_release_jbd_inode().
ocfs2_dismount_volume()->
ocfs2_delete_osb()->
ocfs2_free_slot_info()->
__ocfs2_free_slot_info()->
evict()->
ocfs2_evict_inode()->
ocfs2_clear_inode()->
jbd2_journal_release_jbd_inode(osb->journal->j_journal,
Adding osb->journal checks will prevent null-ptr-deref during the above
execution path.EnginsightAffected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.151 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.6.105 |
| linux | linux_kernel | 6.7 ≤ 𝑥 < 6.12.46 |
| linux | linux_kernel | 6.13 ≤ 𝑥 < 6.16.6 |
| linux | linux_kernel | 6.17:rc1 |
| linux | linux_kernel | 6.17:rc2 |
| linux | linux_kernel | 6.17:rc3 |
| linux | linux_kernel | 6.17:rc4 |
| debian | debian_linux | 11.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Siemens | SIMATIC CN 4100 | 𝑥 < V5.0 | ADP |
| siemens | simatic_cn_4100 | 𝑥 < 5.0 | ADP |
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| kernel-64kb |
| ||||||||||||
| kernel-azure |
| ||||||||||||
| kernel-default |
| ||||||||||||
| kernel-default-base |
| ||||||||||||
| kernel-docs |
| ||||||||||||
| kernel-macros |
| ||||||||||||
| kernel-obs-build |
| ||||||||||||
| kernel-source |
| ||||||||||||
| kernel-source-azure |
| ||||||||||||
| kernel-syms |
| ||||||||||||
| kernel-syms-azure |
| ||||||||||||
| kernel-zfcpdump |
|
References