CVE-2025-37839 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

jbd2: remove wrong sb->s_sequence check

Journal emptiness is not determined by sb->s_sequence == 0 but rather by
sb->s_start == 0 (which is set a few lines above). Furthermore 0 is a
valid transaction ID so the check can spuriously trigger. Remove the
invalid WARN_ON.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00061.

Key SSVC decision points have not yet been added.

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4178-1	linux security update
Debian DLA	DLA-4193-1	linux-6.1 security update
EUVD	EUVD-2025-14153	In the Linux kernel, the following vulnerability has been resolved: jbd2: remove wrong sb->s_sequence check Journal emptiness is not determined by sb->s_sequence == 0 but rather by sb->s_start == 0 (which is set a few lines above). Furthermore 0 is a valid transaction ID so the check can spuriously trigger. Remove the invalid WARN_ON.
Ubuntu USN	USN-7594-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7594-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7594-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7654-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7654-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7654-3	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7654-4	Linux kernel (KVM) vulnerabilities
Ubuntu USN	USN-7654-5	Linux kernel (Xilinx ZynqMP) vulnerabilities
Ubuntu USN	USN-7655-1	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-7686-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7711-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7712-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-7712-2	Linux kernel (Azure) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/3b4643ffaf72d7a5a357e9bf68b1775f8cfe7e77
https://git.kernel.org/stable/c/9eaec071f111cd2124ce9a5b93536d3f6837d457
https://git.kernel.org/stable/c/ad926f735b4d4f10768fec7d080cadeb6d075cac
https://git.kernel.org/stable/c/b0cca357f85beb6144ab60c62dcc98508cc044bf
https://git.kernel.org/stable/c/b479839525fe7906966cdc4b5b2afbca048558a1
https://git.kernel.org/stable/c/c88f7328bb0fff66520fc9164f02b1d06e083c1b
https://git.kernel.org/stable/c/c98eb9ffb1d9c98237b5e1668eee17654e129fb0
https://git.kernel.org/stable/c/cf30432f5b3064ff85d85639c2f0106f89c566f6
https://git.kernel.org/stable/c/e6eff39dd0fe4190c6146069cc16d160e71d1148
https://lore.kernel.org/linux-cve-announce/2025050915-CVE-2025-37839-2807@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-37839
https://www.cve.org/CVERecord?id=CVE-2025-37839

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00047}`	epss `{'score': 0.00049}`

Sat, 10 May 2025 02:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025050915-CVE-2025-37839-2807@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-37839 https://www.cve.org/CVERecord?id=CVE-2025-37839
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 09 May 2025 07:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: jbd2: remove wrong sb->s_sequence check Journal emptiness is not determined by sb->s_sequence == 0 but rather by sb->s_start == 0 (which is set a few lines above). Furthermore 0 is a valid transaction ID so the check can spuriously trigger. Remove the invalid WARN_ON.
Title		jbd2: remove wrong sb->s_sequence check
References		https://git.kernel.org/stable/c/3b4643ffaf72d7a5a357e9bf68b1775f8cfe7e77 https://git.kernel.org/stable/c/9eaec071f111cd2124ce9a5b93536d3f6837d457 https://git.kernel.org/stable/c/ad926f735b4d4f10768fec7d080cadeb6d075cac https://git.kernel.org/stable/c/b0cca357f85beb6144ab60c62dcc98508cc044bf https://git.kernel.org/stable/c/b479839525fe7906966cdc4b5b2afbca048558a1 https://git.kernel.org/stable/c/c88f7328bb0fff66520fc9164f02b1d06e083c1b https://git.kernel.org/stable/c/c98eb9ffb1d9c98237b5e1668eee17654e129fb0 https://git.kernel.org/stable/c/cf30432f5b3064ff85d85639c2f0106f89c566f6 https://git.kernel.org/stable/c/e6eff39dd0fe4190c6146069cc16d160e71d1148

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-05-09T06:41:49.105Z

Updated: 2025-05-26T05:22:01.626Z

Reserved: 2025-04-16T04:51:23.952Z

Link: CVE-2025-37839

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-05-09T07:16:04.593

Modified: 2025-05-12T17:32:52.810

Link: CVE-2025-37839

Redhat

Severity : Moderate

Publid Date: 2025-05-09T00:00:00Z

Links: CVE-2025-37839 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object