CVE-2025-39838
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39838
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39838.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-39838
- Downstream
- Related
- Published
- 2025-09-19T15:26:13.506Z
- Modified
- 2026-01-02T20:31:36.922002Z
- Summary
- cifs: prevent NULL pointer dereference in UTF16 conversion
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
cifs: prevent NULL pointer dereference in UTF16 conversion
There can be a NULL pointer dereference bug here. NULL is passed to _cifssfumakenode without checks, which passes it unchecked to cifsstrnduptoutf16, which in turn passes it to cifslocaltoutf16_bytes where '*from' is dereferenced, causing a crash.
This patch adds a check for NULL 'src' in cifsstrndupto_utf16 and returns NULL early to prevent dereferencing NULL pointer.
Found by Linux Verification Center (linuxtesting.org) with SVACE
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39838.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1f797f062b5cf13a1c2bcc23285361baaa7c9260
- https://git.kernel.org/stable/c/3c26a8d30ed6b53a52a023ec537dc50a6d34a67a
- https://git.kernel.org/stable/c/70bccd9855dae56942f2b18a08ba137bb54093a0
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39838.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-39838
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced41d3f256c6a5e41eb32b87168399c0facd512dc0Fixed1f797f062b5cf13a1c2bcc23285361baaa7c9260Fixed3c26a8d30ed6b53a52a023ec537dc50a6d34a67aFixed70bccd9855dae56942f2b18a08ba137bb54093a0
Affected versions
v6.*
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.16.1
v6.16.2
v6.16.3
v6.16.4
v6.16.5
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4