Linux Kernel NullPtr Deref in try_to_free_buffers() for folios w/o buffers
CVE-2025-71295 Published on May 6, 2026
fs/buffer: add alert in try_to_free_buffers() for folios without buffers
In the Linux kernel, the following vulnerability has been resolved:
fs/buffer: add alert in try_to_free_buffers() for folios without buffers
try_to_free_buffers() can be called on folios with no buffers attached
when filemap_release_folio() is invoked on a folio belonging to a mapping
with AS_RELEASE_ALWAYS set but no release_folio operation defined.
In such cases, folio_needs_release() returns true because of the
AS_RELEASE_ALWAYS flag, but the folio has no private buffer data. This
causes try_to_free_buffers() to call drop_buffers() on a folio with no
buffers, leading to a null pointer dereference.
Adding a check in try_to_free_buffers() to return early if the folio has no
buffers attached, with WARN_ON_ONCE() to alert about the misconfiguration.
This provides defensive hardening.
Products Associated with CVE-2025-71295
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version d0eafc763135508be118dac208887a26c0adb74d and below 1b111a69a6e33a922622bf9870e4e63fb2b649c8 is affected.
- Version b4fa966f03b7401ceacd4ffd7227197afb2b8376 and below c1b6227555c52781178132b7a06466711855795c is affected.
- Version b4fa966f03b7401ceacd4ffd7227197afb2b8376 and below 727e5140e0cf83b4ce6a11b89bb73bff5d96f8f3 is affected.
- Version b4fa966f03b7401ceacd4ffd7227197afb2b8376 and below 42c32d7571ccd8ef32351cac506f00b0fae99fd2 is affected.
- Version b4fa966f03b7401ceacd4ffd7227197afb2b8376 and below c6246ca15999053d2632fbcc7b86e6eef7f077cb is affected.
- Version b4fa966f03b7401ceacd4ffd7227197afb2b8376 and below b68f91ef3b3fe82ad78c417de71b675699a8467c is affected.
- Version 6.1.72 and below 6.1.165 is affected.
- Version 6.6 is affected.
- Before 6.6 is unaffected.
- Version 6.1.165, <= 6.1.* is unaffected.
- Version 6.6.128, <= 6.6.* is unaffected.
- Version 6.12.75, <= 6.12.* is unaffected.
- Version 6.18.16, <= 6.18.* is unaffected.
- Version 6.19.6, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.