CVE-2025-38337

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38337
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38337.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38337
Downstream
Related
Published
2025-07-10T09:15:28Z
Modified
2025-08-12T21:01:39Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

jbd2: fix data-race and null-ptr-deref in jbd2journaldirty_metadata()

Since handle->htransaction may be a NULL pointer, so we should change it to call ishandle_aborted(handle) first before dereferencing it.

And the following data-race was reported in my fuzzer:

================================================================== BUG: KCSAN: data-race in jbd2journaldirtymetadata / jbd2journaldirtymetadata

write to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1: jbd2journaldirtymetadata+0x2a5/0x770 fs/jbd2/transaction.c:1556 _ext4handledirtymetadata+0xe7/0x4b0 fs/ext4/ext4jbd2.c:358 ext4doupdateinode fs/ext4/inode.c:5220 [inline] ext4markilocdirty+0x32c/0xd50 fs/ext4/inode.c:5869 _ext4markinodedirty+0xe1/0x450 fs/ext4/inode.c:6074 ext4dirtyinode+0x98/0xc0 fs/ext4/inode.c:6103 ....

read to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0: jbd2journaldirtymetadata+0xf2/0x770 fs/jbd2/transaction.c:1512 _ext4handledirtymetadata+0xe7/0x4b0 fs/ext4/ext4jbd2.c:358 ext4doupdateinode fs/ext4/inode.c:5220 [inline] ext4markilocdirty+0x32c/0xd50 fs/ext4/inode.c:5869 _ext4markinodedirty+0xe1/0x450 fs/ext4/inode.c:6074 ext4dirtyinode+0x98/0xc0 fs/ext4/inode.c:6103 ....

value changed: 0x00000000 -> 0x00000001

This issue is caused by missing data-race annotation for jh->b_modified. Therefore, the missing annotation needs to be added.

References

Affected packages