NULL Pointer Dereference Affecting kernel-modules-internal package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about NULL Pointer Dereference vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-CENTOS8-KERNELMODULESINTERNAL-10695607
- published11 Jul 2025
- disclosed10 Jul 2025
Introduced: 10 Jul 2025
NewCVE-2025-38337 (opens in a new tab)How to fix?
There is no fixed version for Centos:8 kernel-modules-internal.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-modules-internal package and not the kernel-modules-internal package as distributed by Centos.
See How to fix? for Centos:8 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
Since handle->h_transaction may be a NULL pointer, so we should change it to call is_handle_aborted(handle) first before dereferencing it.
And the following data-race was reported in my fuzzer:
================================================================== BUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata
write to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1: jbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556 __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358 ext4_do_update_inode fs/ext4/inode.c:5220 [inline] ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869 __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074 ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103 ....
read to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0: jbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512 __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358 ext4_do_update_inode fs/ext4/inode.c:5220 [inline] ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869 __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074 ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103 ....
value changed: 0x00000000 -> 0x00000001
This issue is caused by missing data-race annotation for jh->b_modified. Therefore, the missing annotation needs to be added.
References
- https://access.redhat.com/security/cve/CVE-2025-38337
- https://git.kernel.org/stable/c/23361b479f2700c00960d3ae9cdc8ededa762d47
- https://git.kernel.org/stable/c/2e7c64d7a92c031d016f11c8e8cb05131ab7b75a
- https://git.kernel.org/stable/c/43d5e3bb5f1dcd91e30238ea0b59a5f77063f84e
- https://git.kernel.org/stable/c/5c1a34ff5b0bfdfd2f9343aa9b08d25df618bac5
- https://git.kernel.org/stable/c/a377996d714afb8d4d5f4906336f78510039da29
- https://git.kernel.org/stable/c/af98b0157adf6504fade79b3e6cb260c4ff68e37
- https://git.kernel.org/stable/c/ec669e5bf409f16e464bfad75f0ba039a45de29a
- https://git.kernel.org/stable/c/f78b38af3540b4875147b7b884ee11a27b3dbf4c