CVE-2025-38337
- Source
- https://cve.org/CVERecord?id=CVE-2025-38337
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38337.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38337
- Downstream
- Related
- Published
- 2025-07-10T08:15:08.396Z
- Modified
- 2026-03-20T12:42:48.724150Z
- Summary
- jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
jbd2: fix data-race and null-ptr-deref in jbd2journaldirty_metadata()
Since handle->htransaction may be a NULL pointer, so we should change it to call ishandle_aborted(handle) first before dereferencing it.
And the following data-race was reported in my fuzzer:
================================================================== BUG: KCSAN: data-race in jbd2journaldirtymetadata / jbd2journaldirtymetadata
write to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1: jbd2journaldirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556 __ext4handledirtymetadata+0xe7/0x4b0 fs/ext4/ext4jbd2.c:358 ext4doupdateinode fs/ext4/inode.c:5220 [inline] ext4markilocdirty+0x32c/0xd50 fs/ext4/inode.c:5869 _ext4markinodedirty+0xe1/0x450 fs/ext4/inode.c:6074 ext4dirtyinode+0x98/0xc0 fs/ext4/inode.c:6103 ....
read to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0: jbd2journaldirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512 __ext4handledirtymetadata+0xe7/0x4b0 fs/ext4/ext4jbd2.c:358 ext4doupdateinode fs/ext4/inode.c:5220 [inline] ext4markilocdirty+0x32c/0xd50 fs/ext4/inode.c:5869 _ext4markinodedirty+0xe1/0x450 fs/ext4/inode.c:6074 ext4dirtyinode+0x98/0xc0 fs/ext4/inode.c:6103 ....
value changed: 0x00000000 -> 0x00000001
This issue is caused by missing data-race annotation for jh->b_modified. Therefore, the missing annotation needs to be added.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38337.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/23361b479f2700c00960d3ae9cdc8ededa762d47
- https://git.kernel.org/stable/c/2e7c64d7a92c031d016f11c8e8cb05131ab7b75a
- https://git.kernel.org/stable/c/43d5e3bb5f1dcd91e30238ea0b59a5f77063f84e
- https://git.kernel.org/stable/c/5c1a34ff5b0bfdfd2f9343aa9b08d25df618bac5
- https://git.kernel.org/stable/c/a377996d714afb8d4d5f4906336f78510039da29
- https://git.kernel.org/stable/c/af98b0157adf6504fade79b3e6cb260c4ff68e37
- https://git.kernel.org/stable/c/ec669e5bf409f16e464bfad75f0ba039a45de29a
- https://git.kernel.org/stable/c/f78b38af3540b4875147b7b884ee11a27b3dbf4c
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38337.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38337
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6e06ae88edae77379bef7c0cb7d3c2dd88676867Fixed5c1a34ff5b0bfdfd2f9343aa9b08d25df618bac5Fixedec669e5bf409f16e464bfad75f0ba039a45de29aFixed43d5e3bb5f1dcd91e30238ea0b59a5f77063f84eFixed23361b479f2700c00960d3ae9cdc8ededa762d47Fixed2e7c64d7a92c031d016f11c8e8cb05131ab7b75aFixedf78b38af3540b4875147b7b884ee11a27b3dbf4cFixeda377996d714afb8d4d5f4906336f78510039da29Fixedaf98b0157adf6504fade79b3e6cb260c4ff68e37