CVE-2025-39838

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw where a NULL pointer dereference can occur during UTF16 conversion within the CIFS implementation. Specifically, a NULL pointer can be passed to the cifs sfu make node function without proper checks, leading to a crash when dereferenced in cifs local to utf16 bytes after being passed through cifs strndup to utf16. The issue was discovered by Linux Verification Center (linuxtesting.org) with SVACE.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-67596

BDU:2025-14114

CVE-2025-39838

DLA-4328-1

DSA-6008-1

DSA-6009-1

ECHO-4354-C183-2C7B

INFESA-2025_0006

OESA-2026-1303

OESA-2026-1304

OESA-2026-1339

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:03600-1

SUSE-SU-2025:03601-1

SUSE-SU-2025:03614-1

SUSE-SU-2025:03633-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3725-1

SUSE-SU-2025:3751-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-39838

Weakness Enumeration

Related Identifiers

Affected Products

References · 3486