CVE-2025-38167

fs/ntfs3: handle hdr_first_de() return value

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This
pointer may be NULL. To handle the NULL error effectively, it is important
to implement an error handler. This will help manage potential errors
consistently. Additionally, error handling for the return value already exists at other
points where this function is called. Found by Linux Verification Center (linuxtesting.org) with SVACE.

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will help manage potential errors consistently. Additionally, error handling for the return value already exists at other points where this function is called. Found by Linux Verification Center (linuxtesting.org) with SVACE.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-03 CVE Published
2025-07-28 CVE Updated
2025-08-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5390b3d4c6d41d05bb9149d094d504cbc9ea85bf	2025-06-27
https://git.kernel.org/stable/c/83cd0aa74793384dbdffc140500b200e9776a302	2025-06-27
https://git.kernel.org/stable/c/701340a25b1ad210e6b8192195be21fd3fcc22c7	2025-06-19
https://git.kernel.org/stable/c/2d5879f64554181b89f44d4817b9ea86e8e913e1	2025-06-19
https://git.kernel.org/stable/c/4ecd0cde89feee26525ccdf1af0c1ae156ca010b	2025-06-19
https://git.kernel.org/stable/c/af5cab0e5b6f8edb0be51a9f47f3f620e0b4fd70	2025-04-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.15.186 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.186"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.1.142 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.142"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.6.94 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6.94"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.12.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.12.34"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.15.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.15.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.16"		en		Affected