CVE-2025-39838
cifs: prevent NULL pointer dereference in UTF16 conversion
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to __cifs_sfu_make_node without checks, which passes it unchecked to cifs_strndup_to_utf16, which in turn passes it to cifs_local_to_utf16_bytes where '*from' is dereferenced, causing a crash. This patch adds a check for NULL 'src' in cifs_strndup_to_utf16 and returns NULL early to prevent dereferencing NULL pointer. Found by Linux Verification Center (linuxtesting.org) with SVACE
| Vendor | linux |
| Product | linux |
| Ecosystems | |
| Industries | Technology |
| Published | Sep 19, 2025 |
| Last Updated | May 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for linux linux
Be the first to know when new unknown vulnerabilities affecting linux linux are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Linux / Linux
41d3f256c6a5e41eb32b87168399c0facd512dc0 < 1f797f062b5cf13a1c2bcc23285361baaa7c9260 41d3f256c6a5e41eb32b87168399c0facd512dc0 < 3c26a8d30ed6b53a52a023ec537dc50a6d34a67a 41d3f256c6a5e41eb32b87168399c0facd512dc0 < 70bccd9855dae56942f2b18a08ba137bb54093a0
Linux / Linux
6.12
References
git.kernel.org: https://git.kernel.org/stable/c/1f797f062b5cf13a1c2bcc23285361baaa7c9260 git.kernel.org: https://git.kernel.org/stable/c/3c26a8d30ed6b53a52a023ec537dc50a6d34a67a git.kernel.org: https://git.kernel.org/stable/c/70bccd9855dae56942f2b18a08ba137bb54093a0 lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-032379.html