CVE-2025-39743

7.8 HIGH

📋 TL;DR

A Linux kernel vulnerability in the JFS filesystem: inode pages are not properly truncated when an inode's hard link count reaches zero, which can cause a kernel panic or system crash. This affects systems using the JFS filesystem with vulnerable Linux kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated in CVE; check kernel commit history for affected versions.
Operating Systems: Linux distributions using JFS filesystem
Default Config Vulnerable: ✅ No
Notes: Only affects systems using JFS filesystem; many Linux distributions use ext4 by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss.

🟠

Likely Case

System crash or kernel panic when specific JFS operations are performed on files with zero hard links.

🟢

If Mitigated

System remains stable with proper patching; unpatched systems may experience crashes under specific conditions.

🌐 Internet-Facing: LOW - Requires local filesystem access and specific JFS operations.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to manipulate JFS filesystem operations; not trivial to exploit remotely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits listed in references

Vendor Advisory: https://git.kernel.org/stable/c/1bb5cdc3e39f0c2b311fcb631258b7e60d3fb0d3

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version
2. Reboot system
3. Verify kernel version matches patched release

🔧 Temporary Workarounds

Disable JFS filesystem

Avoid using JFS filesystem if not required.

# Check if JFS is in use:
mount | grep jfs
# Unmount JFS partitions if found

🧯 If You Can't Patch

  • Avoid using JFS filesystem for critical systems
  • Implement strict access controls to limit who can perform filesystem operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and whether the JFS filesystem is in use:

uname -r && mount | grep jfs

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and test JFS operations

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • JFS-related error messages

Network Indicators:

  • None - local filesystem vulnerability

SIEM Query:

Search for kernel panic events or JFS error messages in system logs
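The verification and detection steps above, as an added shell example that is not part of the advisory: jfs_in_use, jfs_log_hits and make_samples are hypothetical helper names, and the mounts and kernel-log lines are constructed samples, not real logs.

```shell
#!/bin/sh
# Added triage helpers for CVE-2025-39743 (example code, not from the advisory).
# Assumes a POSIX sh with awk and mktemp; the sample inputs below are constructed.

# jfs_in_use: succeed (exit 0) if a mounts file in /proc/mounts format lists
# any filesystem of type jfs; the type is the third whitespace-separated field.
jfs_in_use() {
    awk '$3 == "jfs" { found = 1 } END { exit (found ? 0 : 1) }' "${1:-/proc/mounts}"
}

# jfs_log_hits: print the number of kernel-log lines that show either a
# JFS-related error/warning/BUG or a crash indicator (panic, Oops, BUG:),
# i.e. the log indicators listed under Detection & Monitoring. awk is used
# rather than grep -c so the exit status stays 0 when nothing matches.
jfs_log_hits() {
    awk 'tolower($0) ~ /jfs/ && tolower($0) ~ /error|warning|bug/ { n++; next }
         tolower($0) ~ /kernel panic|oops|bug:/ { n++ }
         END { print n + 0 }' "$1"
}

# make_samples: write constructed (not real) mounts and kernel-log files and
# publish their paths in SAMPLE_MOUNTS, SAMPLE_MOUNTS_NOJFS and SAMPLE_LOG.
make_samples() {
    SAMPLE_MOUNTS=$(mktemp); SAMPLE_MOUNTS_NOJFS=$(mktemp); SAMPLE_LOG=$(mktemp)
    cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /data jfs rw,relatime 0 0
proc /proc proc rw,nosuid 0 0
EOF
    grep -v ' jfs ' "$SAMPLE_MOUNTS" > "$SAMPLE_MOUNTS_NOJFS"
    cat > "$SAMPLE_LOG" <<'EOF'
Jan 10 10:00:01 host kernel: EXT4-fs (sda1): mounted filesystem with ordered data mode.
Jan 10 10:05:12 host kernel: jfs: nTxBlock = 8192, nTxLock = 65536
Jan 10 10:07:33 host kernel: jfs: ERROR (device sdb1): inode read failed
Jan 10 10:07:34 host kernel: BUG: kernel NULL pointer dereference, address: 0000000000000008
Jan 10 10:07:35 host kernel: Kernel panic - not syncing: Fatal exception
EOF
}

# Live use (reads the real /proc/mounts and a real kernel log):
#   jfs_in_use && echo "JFS mounted: confirm uname -r is a patched release"
#   jfs_log_hits /var/log/kern.log
```

On the constructed log, only the JFS error line, the BUG line and the panic line count; the informational jfs and ext4 lines do not.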

🔗 References