CVE-2025-10823: 
CBL Mariner vulnerability analysis and mitigation

A vulnerability was discovered in axboe fio versions up to 3.41, identified as CVE-2025-10823. The issue affects the strbufferpattern_cb function in the options.c file, where a null pointer dereference vulnerability exists. The vulnerability was discovered and disclosed on September 11, 2025, and affects the fio software package (GitHub Issue, VulDB).

The vulnerability occurs in the strbufferpatterncb function (options.c:1620) when parsing a jobfile. If the bufferpattern configuration option is specified without a value (e.g., buffer_pattern=), the parser passes a NULL pointer into the callback. The function then attempts to call strlen() on this NULL pointer, resulting in a segmentation fault. The vulnerability has been assigned a CVSS v3.1 Base Score of 3.3 (Low) (Ubuntu CVE).

When exploited, this vulnerability leads to a null pointer dereference that can cause the application to crash, affecting its availability. The impact is considered low as it requires local access to exploit and primarily affects system availability without compromising confidentiality or integrity (VulDB).

A simple null check before using strlen() would prevent this issue. Users are advised to update to a version newer than 3.41 once a patch is available. Currently, there are no official workarounds published (GitHub Issue).