CVE-2025-39835— xfs: do not propagate ENODATA disk errors into xattr code
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-39835
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
xfs: do not propagate ENODATA disk errors into xattr code
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be found. However, a medium error from disk may also return ENODATA. At best, this medium error may escape to userspace as "attribute not found" when in fact it's an IO (disk) error. At worst, we may oops in xfs_attr_leaf_get() when we do: error = xfs_attr_leaf_hasname(args, &bp); if (error == -ENOATTR) { xfs_trans_brelse(args->trans, bp); return error; } because an ENODATA/ENOATTR error from disk leaves us with a null bp, and the xfs_trans_brelse will then null-deref it. As discussed on the list, we really need to modify the lower level IO functions to trap all disk errors and ensure that we don't let unique errors like this leak up into higher xfs functions - many like this should be remapped to EIO. However, this patch directly addresses a reported bug in the xattr code, and should be safe to backport to stable kernels. A larger-scope patch to handle more unique errors at lower levels can follow later. (Note, prior to 07120f1abdff we did not oops, but we did return the wrong error code to userspace.)
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未正确处理磁盘错误ENODATA,可能导致空指针取消引用或错误报告为属性未找到。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-39835
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-39835
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-09-16 · 115 CVEs total
| CVE-2022-50340 | media: vimc: Fix wrong function called when vimc_init() fails | |
| CVE-2023-53307 | rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails | |
| CVE-2023-53305 | Bluetooth: L2CAP: Fix use-after-free | |
| CVE-2023-53304 | netfilter: nft_set_rbtree: fix overlap expiration walk | |
| CVE-2022-50351 | cifs: Fix xid leak in cifs_create() | |
| CVE-2022-50352 | net: hns: fix possible memory leak in hnae_ae_register() | |
| CVE-2022-50350 | scsi: target: iscsi: Fix a race condition between login_work and the login thread | |
| CVE-2022-50348 | nfsd: Fix a memory leak in an error handling path | |
| CVE-2022-50349 | misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() | |
| CVE-2022-50347 | mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() | |
| CVE-2022-50346 | ext4: init quota for 'old.inode' in 'ext4_rename' | |
| CVE-2022-50343 | rapidio: fix possible name leaks when rio_add_device() fails | |
| CVE-2022-50344 | ext4: fix null-ptr-deref in ext4_write_info | |
| CVE-2022-50342 | floppy: Fix memory leak in do_floppy_init() | |
| CVE-2022-50341 | cifs: fix oops during encryption | |
| CVE-2025-39826 | net: rose: convert 'use' field to refcount_t | |
| CVE-2025-39829 | trace/fgraph: Fix the warning caused by missing unregister notifier | |
| CVE-2025-39828 | atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). | |
| CVE-2025-39827 | net: rose: include node references in rose_neigh refcount | |
| CVE-2025-39830 | net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path |
Showing top 20 of 115 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2025-39835
No comments yet