CVE-2025-39878

Source
https://cve.org/CVERecord?id=CVE-2025-39878
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39878.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-39878
Published
2025-09-23T06:00:48.850Z
Modified
2026-04-02T12:48:11.796560Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error
Details

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error

The function move_dirty_folio_in_page_array() was created by commit ce80b76dd327 ("ceph: introduce ceph_process_folio_batch() method") by moving code from ceph_writepages_start() to this function.

This new function is supposed to return an error code which is checked by the caller (now ceph_process_folio_batch()), and on error, the caller invokes redirty_page_for_writepage() and then breaks from the loop.

However, the refactoring commit has gone wrong, and by accident, it always returns 0 (= success) because it first NULLs the pointer and then returns PTR_ERR(NULL) which is always 0. This means errors are silently ignored, leaving NULL entries in the page array, which may later crash the kernel.

The simple solution is to call PTR_ERR() before clearing the pointer.
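The ordering bug described above, reproduced as an added userspace example that is not the kernel's own code. The ERR_PTR/PTR_ERR/IS_ERR helpers are simplified stand-ins for the kernel's, and `encrypt_block()`, `store_page_buggy()` and `store_page_fixed()` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace stand-ins for the kernel's err.h helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical stand-in for the encryption step; fails on request. */
static void *encrypt_block(void *page, int fail)
{
    return fail ? ERR_PTR(-ENOMEM) : page;
}

/* Pre-fix ordering: the slot is cleared before the error is read. */
static int store_page_buggy(void **slot, void *page, int fail)
{
    *slot = encrypt_block(page, fail);
    if (IS_ERR(*slot)) {
        *slot = NULL;
        return (int)PTR_ERR(*slot); /* PTR_ERR(NULL) is 0: error lost */
    }
    return 0;
}

/* Fixed ordering: read the error code first, then clear the slot. */
static int store_page_fixed(void **slot, void *page, int fail)
{
    *slot = encrypt_block(page, fail);
    if (IS_ERR(*slot)) {
        int err = (int)PTR_ERR(*slot);
        *slot = NULL;
        return err;
    }
    return 0;
}

int main(void)
{
    int page = 0;
    void *slot = &page;
    printf("buggy: %d\n", store_page_buggy(&slot, &page, 1));
    printf("fixed: %d\n", store_page_fixed(&slot, &page, 1));
    return 0;
}
```

In the buggy variant the caller sees success while the slot is NULL, which is the state the description says may later crash the kernel.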

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39878.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ce80b76dd32764cc914975777e058d4fae4f0ea0
Fixed
dd1616ecbea920d228c56729461ed223cc501425
Fixed
249e0a47cdb46bb9eae65511c569044bd8698d7d

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39878.json"