IM
IronMonkey Threat Research

CVE-2025-38167 MEDIUM

Published: 2025-07-03 | Last Modified: 2026-05-12 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will help manage potential errors consistently. Additionally, error handling for the return value already exists at other points where this function is called. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Additional Descriptions (1)

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: manejo del valor de retorno de hdr_first_de(). La función hdr_first_de() devuelve un puntero a una estructura NTFS_DE. Este puntero puede ser NULL. Para gestionar eficazmente el error NULL, es importante implementar un gestor de errores. Esto ayudará a gestionar los posibles errores de forma coherente. Además, ya existe un gestor de errores para el valor de retorno en otros puntos donde se llama a esta función. Encontrado por el Centro de Verificación de Linux (linuxtesting.org) con SVACE.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en CWE-476

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bdc50e8c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdcf69040> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdcf6a1c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdcf69c00> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdc50f800> Operating System
debian debian_linux 11.0 <built-in method update of dict object at 0x702bdc50c640> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References

Notification
Message here