PT-2025-27978 · Linux+5 · Linux Kernel+5

Published

2025-07-04

·

Updated

2026-04-20

·

CVE-2025-38203

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc6
Description: A concurrency bug in the fs/jfs module results in a null pointer dereference. The issue is closely related to a previously fixed problem, but the accepted patch is still susceptible to a null pointer dereference under some interleavings. The bug manifests when JFS SBI(ipbmap->i sb)->bmap is set to NULL in dbFreeBits and then dereferenced in jfs ioc trim. This bug is triggereable from a syz-program and can cause a general protection fault.
Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the null pointer dereference in jfs ioc trim. As a temporary workaround, consider disabling the jfs ioc trim function until a patch is available. Restrict access to the fs/jfs module to minimize the risk of exploitation. Avoid using the JFS SBI(ipbmap->i sb)->bmap variable in the affected code until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-13474
CVE-2025-38203
DLA-4327-1
ECHO-B3FA-80E9-F6F0
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7774-1
USN-7774-2
USN-7774-3
USN-7774-4
USN-7774-5
USN-7775-1
USN-7775-2
USN-7775-3
USN-7776-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu