{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "ce80b76dd32764cc914975777e058d4fae4f0ea0"
            },
            {
              "fixed": "dd1616ecbea920d228c56729461ed223cc501425"
            },
            {
              "fixed": "249e0a47cdb46bb9eae65511c569044bd8698d7d"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39878.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix crash after fscrypt_encrypt_pagecache_blocks() error\n\nThe function move_dirty_folio_in_page_array() was created by commit\nce80b76dd327 (\"ceph: introduce ceph_process_folio_batch() method\") by\nmoving code from ceph_writepages_start() to this function.\n\nThis new function is supposed to return an error code which is checked\nby the caller (now ceph_process_folio_batch()), and on error, the\ncaller invokes redirty_page_for_writepage() and then breaks from the\nloop.\n\nHowever, the refactoring commit has gone wrong, and it by accident, it\nalways returns 0 (= success) because it first NULLs the pointer and\nthen returns PTR_ERR(NULL) which is always 0.  This means errors are\nsilently ignored, leaving NULL entries in the page array, which may\nlater crash the kernel.\n\nThe simple solution is to call PTR_ERR() before clearing the pointer.",
  "id": "CVE-2025-39878",
  "modified": "2026-04-01T23:10:26.991644403Z",
  "published": "2025-09-23T06:00:48.850Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/249e0a47cdb46bb9eae65511c569044bd8698d7d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd1616ecbea920d228c56729461ed223cc501425"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39878.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39878"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error"
}