CVE-2025-38058
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 5.4.294 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.238 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.185 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.141 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.93 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.31 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.14.9 (exc) |
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | 6.15 |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves improper handling in the __legitimize_mnt() function, where a check for MNT_SYNC_UMOUNT is done outside the mount_lock. This can lead to a situation where the mount count (mnt_count) is incorrectly incremented after an unmount operation has verified the mount point is not busy but before the MNT_SYNC_UMOUNT flag is set. As a result, __legitimize_mnt() fails to recognize that it should undo the increment quietly, causing a full mntput() call that can lead to resource mismanagement.
How can this vulnerability impact me? :
The vulnerability can cause incorrect reference counting on mount points, potentially leading to resource leaks or improper resource cleanup in the Linux kernel. This may affect system stability or security by allowing unexpected behavior during unmount operations.