{"id":"AZL-64634","summary":"CVE-2025-38167 affecting package kernel for versions less than 6.6.96.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: handle hdr_first_de() return value\n\nThe hdr_first_de() function returns a pointer to a struct NTFS_DE. This\npointer may be NULL. To handle the NULL error effectively, it is important\nto implement an error handler. This will help manage potential errors\nconsistently.\n\nAdditionally, error handling for the return value already exists at other\npoints where this function is called.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.","modified":"2026-04-01T05:04:56.893105Z","published":"2025-07-03T09:15:32Z","upstream":["CVE-2025-38167"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38167"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.96.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64634.json"}}],"schema_version":"1.7.5"}