CVE-2025-38328

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38328
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38328.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38328
Published
2025-07-10T08:15:02.296Z
Modified
2025-11-28T02:34:53.335207Z
Summary
jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
Details

In the Linux kernel, the following vulnerability has been resolved:

jffs2: check jffs2_prealloc_raw_node_refs() result in few other places

Fuzzing hit another invalid pointer dereference due to the lack of checking whether jffs2_prealloc_raw_node_refs() completed successfully. Subsequent logic implies that the node refs have been allocated.

Handle that. The code is ready for propagating the error upwards.

KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 1 PID: 5835 Comm: syz-executor145 Not tainted 5.10.234-syzkaller #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:jffs2_link_node_ref+0xac/0x690 fs/jffs2/nodelist.c:600
Call Trace:
 jffs2_mark_erased_block fs/jffs2/erase.c:460 [inline]
 jffs2_erase_pending_blocks+0x688/0x1860 fs/jffs2/erase.c:118
 jffs2_garbage_collect_pass+0x638/0x1a00 fs/jffs2/gc.c:253
 jffs2_reserve_space+0x3f4/0xad0 fs/jffs2/nodemgmt.c:167
 jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362
 jffs2_write_end+0x712/0x1110 fs/jffs2/file.c:302
 generic_perform_write+0x2c2/0x500 mm/filemap.c:3347
 __generic_file_write_iter+0x252/0x610 mm/filemap.c:3465
 generic_file_write_iter+0xdb/0x230 mm/filemap.c:3497
 call_write_iter include/linux/fs.h:2039 [inline]
 do_iter_readv_writev+0x46d/0x750 fs/read_write.c:740
 do_iter_write+0x18c/0x710 fs/read_write.c:866
 vfs_writev+0x1db/0x6a0 fs/read_write.c:939
 do_pwritev fs/read_write.c:1036 [inline]
 __do_sys_pwritev fs/read_write.c:1083 [inline]
 __se_sys_pwritev fs/read_write.c:1078 [inline]
 __x64_sys_pwritev+0x235/0x310 fs/read_write.c:1078
 do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x67/0xd1

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38328.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Events
Introduced: 2f785402f39b96a077b6e62bf26164bfb8e0c980
Fixed:      7e860296d7808de1db175c1eda29f94a2955dcc4
Fixed:      d96e6451a8d0fe62492d4cc942d695772293c05a
Fixed:      f41c625328777f9ad572901ba0b0065bb9c9c1da
Fixed:      38d767fb4a7766ec2058f97787e4c6e8d10343d6
Fixed:      cd42ddddd70abc7127c12b96c8c85dbd080ea56f
Fixed:      d1b81776f337a9b997f797c70ac0a26d838a2168
Fixed:      042fa922c84b5080401bcd8897d4ac4919d15075
Fixed:      2b6d96503255a3ed676cd70f8368870c6d6a25c6

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type: ECOSYSTEM (one range per stable series; each row is one Introduced/Fixed event pair)

Introduced   Fixed
2.6.18       5.4.295
5.5.0        5.10.239
5.11.0       5.15.186
5.16.0       6.1.142
6.2.0        6.6.95
6.7.0        6.12.35
6.13.0       6.15.4