CVE-2025-39835 – A Linux kernel XFS filesystem vulnerability whe... (How to Fix)

Q: What is the severity of CVE-2025-39835?

CVE-2025-39835 has a CVSS score of 7.8 (HIGH). A Linux kernel XFS filesystem vulnerability where disk medium errors returning ENODATA are incorrectly interpreted as 'attribute not found' by xattr code. This can cause kernel oops (crashes) or incorrect error reporting to userspace. Affects systems using XFS filesystems with extended attributes.

📋 TL;DR

A Linux kernel XFS filesystem vulnerability where disk medium errors returning ENODATA are incorrectly interpreted as 'attribute not found' by xattr code. This can cause kernel oops (crashes) or incorrect error reporting to userspace. Affects systems using XFS filesystems with extended attributes.

💻 Affected Systems

Products:

Linux kernel XFS filesystem implementation

Versions: Linux kernel versions with specific XFS commits (prior to fixes in stable kernels)

Operating Systems: Linux distributions using XFS filesystem

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using XFS filesystem with extended attributes. Requires disk medium errors to trigger.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel oops leading to system crash or denial of service when accessing extended attributes on a failing disk.

🟠

Likely Case

Incorrect error reporting where disk I/O failures appear as 'attribute not found' to applications, potentially causing application logic errors.

🟢

If Mitigated

Disk errors are properly reported as I/O failures rather than attribute lookup failures.

🌐 Internet-Facing: LOW - Requires local filesystem access and specific disk error conditions.

🏢 Internal Only: MEDIUM - Local users or services with filesystem access could trigger this with failing storage media.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires ability to cause disk medium errors and access to extended attributes. More likely to occur naturally with failing storage hardware.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel stable releases containing commits: 157ddfb05961c68ab7d457a462822a698e4e4bf4, 39fc2742ca14f7fbc621ce9b43bcbd00248cb9a8, 90bae69c2959c39912f0c2f07a9a7894f3fc49f5, ae668cd567a6a7622bc813ee0bb61c42bed61ba7, d3cc7476b89fb45b7e00874f4f56f6b928467c60

Vendor Advisory: https://git.kernel.org/stable/c/157ddfb05961c68ab7d457a462822a698e4e4bf4

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Avoid XFS extended attributes

linux

Do not use extended attributes on XFS filesystems if possible

Monitor disk health

linux

Regularly check disk health to prevent medium errors

smartctl -a /dev/sdX
dmesg | grep -i error

🧯 If You Can't Patch

Monitor system logs for XFS errors and kernel oops messages
Implement storage redundancy and regular backups to mitigate data loss from disk failures

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if XFS filesystem is in use: uname -r && mount | grep xfs

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and test extended attribute operations on XFS

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages in dmesg
XFS error messages about ENODATA/ENOATTR
Disk I/O error messages

SIEM Query:

source="kernel" AND ("oops" OR "XFS" AND ("error" OR "ENODATA" OR "ENOATTR"))

📊 Metadata

CVE ID: CVE-2025-39835

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score: 0.01% exploit probability (1th percentile)

Published: September 16, 2025

Last Updated: January 16, 2026

🔗 References

https://git.kernel.org/stable/c/157ddfb05961c68ab7d457a462822a698e4e4bf4 Patch
https://git.kernel.org/stable/c/39fc2742ca14f7fbc621ce9b43bcbd00248cb9a8 Patch
https://git.kernel.org/stable/c/90bae69c2959c39912f0c2f07a9a7894f3fc49f5 Patch
https://git.kernel.org/stable/c/ae668cd567a6a7622bc813ee0bb61c42bed61ba7 Patch
https://git.kernel.org/stable/c/d3cc7476b89fb45b7e00874f4f56f6b928467c60 Patch
https://git.kernel.org/stable/c/dcdf36f1b67884c722abce9b8946e34ffb9f67c8 Patch
https://git.kernel.org/stable/c/e358d4b6225e4c1eb208686a05e360ef8df59e07 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON