{"id":"AZL-67529","summary":"CVE-2025-39842 affecting package kernel for versions less than 6.6.112.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: prevent release journal inode after journal shutdown\n\nBefore calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already\nbeen executed in ocfs2_dismount_volume(), so osb-\u003ejournal must be NULL. \nTherefore, the following calltrace will inevitably fail when it reaches\njbd2_journal_release_jbd_inode().\n\nocfs2_dismount_volume()-\u003e\n  ocfs2_delete_osb()-\u003e\n    ocfs2_free_slot_info()-\u003e\n      __ocfs2_free_slot_info()-\u003e\n        evict()-\u003e\n          ocfs2_evict_inode()-\u003e\n            ocfs2_clear_inode()-\u003e\n\t      jbd2_journal_release_jbd_inode(osb-\u003ejournal-\u003ej_journal,\n\nAdding osb-\u003ejournal checks will prevent null-ptr-deref during the above\nexecution path.","modified":"2026-04-01T05:21:14.469621Z","published":"2025-09-19T16:15:42Z","upstream":["CVE-2025-39842"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39842"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.112.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67529.json"}}],"schema_version":"1.7.5"}