{"id":"CVE-2025-38220","summary":"ext4: only dirty folios when data journaling regular files","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: only dirty folios when data journaling regular files\n\nfstest generic/388 occasionally reproduces a crash that looks as\nfollows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCall Trace:\n \u003cTASK\u003e\n ext4_block_zero_page_range+0x30c/0x380 [ext4]\n ext4_truncate+0x436/0x440 [ext4]\n ext4_process_orphan+0x5d/0x110 [ext4]\n ext4_orphan_cleanup+0x124/0x4f0 [ext4]\n ext4_fill_super+0x262d/0x3110 [ext4]\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x26/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4ed/0x6b0\n do_syscall_64+0x82/0x170\n ...\n\nThis occurs when processing a symlink inode from the orphan list. The\npartial block zeroing code in the truncate path calls\next4_dirty_journalled_data() -\u003e folio_mark_dirty(). The latter calls\nmapping-\u003ea_ops-\u003edirty_folio(), but symlink inodes are not assigned an\na_ops vector in ext4, hence the crash.\n\nTo avoid this problem, update the ext4_dirty_journalled_data() helper to\nonly mark the folio dirty on regular files (for which a_ops is\nassigned). This also matches the journaling logic in the ext4_symlink()\ncreation path, where ext4_handle_dirty_metadata() is called directly.","modified":"2026-04-16T04:37:00.560919722Z","published":"2025-07-04T13:37:36.612Z","related":["ALSA-2025:15005","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38220.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/be5f3061a6f904e3674257879e71881ceee5b673"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cf6a4c4ac7b6e3214f25df594c9689a62f1bb456"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d7af6eee8cd60f55aa8c5fe2b91f11ec0c9a0f27"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e26268ff1dcae5662c1b96c35f18cfa6ab73d9de"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38220.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38220"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d84c9ebdac1e39bc7b036c0c829ee8c1956edabc"},{"fixed":"cf6a4c4ac7b6e3214f25df594c9689a62f1bb456"},{"fixed":"be5f3061a6f904e3674257879e71881ceee5b673"},{"fixed":"d7af6eee8cd60f55aa8c5fe2b91f11ec0c9a0f27"},{"fixed":"e26268ff1dcae5662c1b96c35f18cfa6ab73d9de"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38220.json"}}],"schema_version":"1.7.5"}