PT-2025-37980 · Linux+5 · Linux Kernel+5

Published

2025-01-01

·

Updated

2026-05-07

·

CVE-2025-39835

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw within the XFS file system related to the handling of ENODATA errors. Specifically, the code does not properly differentiate between ENODATA errors originating from disk I/O and those expected within the xattr (extended attribute) code. This can lead to incorrect error reporting to userspace, potentially indicating an attribute is not found when a disk I/O error has occurred. In certain scenarios, this can also cause a kernel oops due to a null pointer dereference in the xfs attr leaf get() function. Prior to commit 07120f1abdff, the kernel did not oops but returned an incorrect error code to userspace.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Encoding or Escaping of Output

Weakness Enumeration

CWE-116

Related Identifiers

AZL-74736
BDU:2025-15676
CVE-2025-39835
DLA-4327-1
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-6F6E-C0A5-4872
OESA-2026-1228
OESA-2026-1229
OESA-2026-1230
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu
Xfs