{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38220","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.995Z","datePublished":"2025-07-04T13:37:36.612Z","dateUpdated":"2026-05-11T21:23:33.613Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:23:33.613Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: only dirty folios when data journaling regular files\n\nfstest generic/388 occasionally reproduces a crash that looks as\nfollows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCall Trace:\n <TASK>\n ext4_block_zero_page_range+0x30c/0x380 [ext4]\n ext4_truncate+0x436/0x440 [ext4]\n ext4_process_orphan+0x5d/0x110 [ext4]\n ext4_orphan_cleanup+0x124/0x4f0 [ext4]\n ext4_fill_super+0x262d/0x3110 [ext4]\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x26/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4ed/0x6b0\n do_syscall_64+0x82/0x170\n ...\n\nThis occurs when processing a symlink inode from the orphan list. The\npartial block zeroing code in the truncate path calls\next4_dirty_journalled_data() -> folio_mark_dirty(). The latter calls\nmapping->a_ops->dirty_folio(), but symlink inodes are not assigned an\na_ops vector in ext4, hence the crash.\n\nTo avoid this problem, update the ext4_dirty_journalled_data() helper to\nonly mark the folio dirty on regular files (for which a_ops is\nassigned). This also matches the journaling logic in the ext4_symlink()\ncreation path, where ext4_handle_dirty_metadata() is called directly."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/inode.c"],"versions":[{"version":"d84c9ebdac1e39bc7b036c0c829ee8c1956edabc","lessThan":"cf6a4c4ac7b6e3214f25df594c9689a62f1bb456","status":"affected","versionType":"git"},{"version":"d84c9ebdac1e39bc7b036c0c829ee8c1956edabc","lessThan":"be5f3061a6f904e3674257879e71881ceee5b673","status":"affected","versionType":"git"},{"version":"d84c9ebdac1e39bc7b036c0c829ee8c1956edabc","lessThan":"d7af6eee8cd60f55aa8c5fe2b91f11ec0c9a0f27","status":"affected","versionType":"git"},{"version":"d84c9ebdac1e39bc7b036c0c829ee8c1956edabc","lessThan":"e26268ff1dcae5662c1b96c35f18cfa6ab73d9de","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/inode.c"],"versions":[{"version":"6.4","status":"affected"},{"version":"0","lessThan":"6.4","status":"unaffected","versionType":"semver"},{"version":"6.6.95","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.35","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.4","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.95"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.12.35"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.15.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/cf6a4c4ac7b6e3214f25df594c9689a62f1bb456"},{"url":"https://git.kernel.org/stable/c/be5f3061a6f904e3674257879e71881ceee5b673"},{"url":"https://git.kernel.org/stable/c/d7af6eee8cd60f55aa8c5fe2b91f11ec0c9a0f27"},{"url":"https://git.kernel.org/stable/c/e26268ff1dcae5662c1b96c35f18cfa6ab73d9de"}],"title":"ext4: only dirty folios when data journaling regular files","x_generator":{"engine":"bippy-1.2.0"}}}}