CVE-2025-38282
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

kernfs: Relax constraint in draining guard

The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak -- callers don't use it afterwards but it's important for proper pairing of kn->active counting.

Assuming this mechanism is in place, the WARN check in kernfs_should_drain_open_files() is too sensitive -- it may transiently catch those (rightful) callers between kernfs_unbreak_active_protection() and kernfs_put_active() as found out by Chen Ridong:

    kernfs_remove_by_name_ns        kernfs_get_active // active=1
    __kernfs_remove                                   // active=0x80000002
    kernfs_drain                    ...
    wait_event
    //waiting (active == 0x80000001)
                                    kernfs_break_active_protection
                                    // active = 0x80000001
    // continue
                                    kernfs_unbreak_active_protection
                                    // active = 0x80000002
    ...
    kernfs_should_drain_open_files
    // warning occurs
                                    kernfs_put_active

To avoid the false positives (mind panic_on_warn) remove the check altogether. (This is meant as quick fix, I think active reference break/unbreak may be simplified with larger rework.)
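The counter arithmetic in the trace above, replayed as an added example: a user-space model, not kernel code and not part of the advisory. The step names, `struct model` and `replay` are hypothetical; the bias 0x80000001 is the value the trace shows kernfs_drain waiting for.

```c
#include <stdio.h>

/* User-space model of kn->active in the trace; not kernel code.
 * BIAS is the value the trace shows kernfs_drain waiting for. */
#define BIAS 0x80000001u

enum step { GET_ACTIVE, DEACTIVATE, BREAK_PROT, UNBREAK_PROT, DRAIN_GUARD, PUT_ACTIVE };

struct model {
    unsigned int active;  /* stand-in for kn->active */
    int drain_released;   /* drain's wait condition (active == BIAS) was met */
    int guard_warnings;   /* times the removed WARN condition held */
};

/* Ordering from the description: guard runs between unbreak and put. */
static const enum step racy_trace[] = {
    GET_ACTIVE, DEACTIVATE, BREAK_PROT, UNBREAK_PROT, DRAIN_GUARD, PUT_ACTIVE };
/* Same caller, but its put lands before the guard runs (constructed). */
static const enum step settled_trace[] = {
    GET_ACTIVE, DEACTIVATE, BREAK_PROT, UNBREAK_PROT, PUT_ACTIVE, DRAIN_GUARD };

/* Replay a trace from active == 0 and return the final counter value. */
unsigned int replay(const enum step *steps, int n, struct model *m)
{
    m->active = 0; m->drain_released = 0; m->guard_warnings = 0;
    for (int i = 0; i < n; i++) {
        switch (steps[i]) {
        case GET_ACTIVE:
        case UNBREAK_PROT: m->active += 1; break;
        case BREAK_PROT:
        case PUT_ACTIVE:   m->active -= 1; break;
        case DEACTIVATE:   m->active += BIAS; break;  /* __kernfs_remove */
        case DRAIN_GUARD:  /* the check the fix removes */
            if (m->active != BIAS) m->guard_warnings++;
            break;
        }
        if (m->active == BIAS) m->drain_released = 1;
        printf("step %d: active=0x%08x\n", i, m->active);
    }
    return m->active;
}

int main(void)
{
    struct model m;
    replay(racy_trace, 6, &m);
    printf("racy: warnings=%d\n", m.guard_warnings);
    replay(settled_trace, 6, &m);
    printf("settled: warnings=%d\n", m.guard_warnings);
    return 0;
}
```

Both orderings end with the counter at the bias value; only the position of the guard relative to the final put decides whether the warning condition holds.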
Meta Information
Published: 2025-07-10
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-07-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor   Product        Version / Range
linux    linux_kernel   From 6.13 (inc) to 6.15.3 (inc)
debian   debian_linux   11.0
linux    kernel         *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability relates to the Linux kernel's kernfs subsystem where a constraint in the draining guard mechanism was too sensitive, causing false positive warnings. The issue involves the active reference lifecycle's break/unbreak mechanism not being properly accounted for, leading to warnings during normal operation. The fix removes the overly sensitive check to prevent these false positives.


How can this vulnerability impact me?

The vulnerability can cause false positive warnings in the kernel, which might lead to unnecessary kernel panics if panic_on_warn is enabled. This could affect system stability by triggering unwarranted error handling during normal kernel operations.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is related to a sensitive WARN check in the Linux kernel's kernfs_should_drain_open_files() function that may cause false positives and potential panics. The immediate mitigation is to apply the patch that removes this WARN check altogether to avoid false positives and panics. Since this is a kernel-level issue, updating the Linux kernel to a version that includes this fix is the recommended immediate step.

