CVE-2025-38167
Published: July 3, 2025Last modified: July 3, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will help manage potential errors consistently. Additionally, error handling for the return value already exists at other points where this function is called. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.143-r1) |
| 25 LTS | linux-lts | Fixed (6.12.41-r0) | |
| Stream | linux-lts | Fixed (6.12.41-r0) |
References
- https://git.kernel.org/stable/c/2d5879f64554181b89f44d4817b9ea86e8e913e1
- https://git.kernel.org/stable/c/4ecd0cde89feee26525ccdf1af0c1ae156ca010b
- https://git.kernel.org/stable/c/5390b3d4c6d41d05bb9149d094d504cbc9ea85bf
- https://git.kernel.org/stable/c/701340a25b1ad210e6b8192195be21fd3fcc22c7
- https://git.kernel.org/stable/c/83cd0aa74793384dbdffc140500b200e9776a302
- https://git.kernel.org/stable/c/af5cab0e5b6f8edb0be51a9f47f3f620e0b4fd70
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html