CVE-2025-39878 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-39878 PUBLISHED CVSS 8.699999809265137 HIGH

In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error The function move_dirty_folio_in_page_array() was created by commit ce80b76dd327 ("ceph: introduce ceph_process_folio_batch() method") by moving code from ceph_writepages_start() to this function. This new function is supposed to return an error code which is checked by the caller (now ceph_process_folio_batch()), and on error, the caller invokes redirty_page_for_writepage() and then breaks from the loop. However, the refactoring commit has gone wrong, and it by accident, it always returns 0 (= success) because it first NULLs the pointer and then returns PTR_ERR(NULL) which is always 0. This means errors are silently ignored, leaving NULL entries in the page array, which may later crash the kernel. The simple solution is to call PTR_ERR() before clearing the pointer.

EPSS 0.02% · 4.7th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

4.7th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	ce80b76dd32764cc914975777e058d4fae4f0ea0, ce80b76dd32764cc914975777e058d4fae4f0ea0, 6.15
linux	linux_kernel	6.15, 6.15, 6.15

Timeline

Jan 21, 1970 Security Advisory
Sep 23, 2025 EPSS Score
Sep 23, 2025 CVE Published
Sep 23, 2025 PoC Published
Sep 29, 2025 EPSS Score
Sep 29, 2025 PoC Published
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 EPSS Score
Oct 6, 2025 Coalition ESS Score
Oct 12, 2025 EPSS Score
Oct 18, 2025 EPSS Score
Oct 25, 2025 EPSS Score

References

Open in Interactive Console →