CVE-2025-38306
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-18
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition in the Linux kernel's fs/fhandle.c file, specifically in the call to has_locked_children(). The function may_decode_fh() calls has_locked_children() without holding any locks, which can cause an 'oops' (kernel crash). Other callers are safe because they hold the namespace_sem lock and ensure a positive reference count on the mount. The fix involved renaming has_locked_children() to __has_locked_children(), making it static, and changing the users in fs/namespace.c to call the new function. Then, has_locked_children() was made a wrapper that calls __has_locked_children() under a read_seqlock_excl(&mount_lock) to prevent the race condition.
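The shape of the fix described above, as an added userspace model that is not the kernel's code: an unlocked static helper for callers that already hold a lock, and a wrapper that takes the lock for callers that do not. The pthread mutex standing in for read_seqlock_excl(&mount_lock), the simplified struct mount and attach_child() are assumptions made for this illustration.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's mount_lock (assumption: a plain mutex). */
static pthread_mutex_t mount_lock = PTHREAD_MUTEX_INITIALIZER;

/* Simplified model of a mount: a child list and one "locked" flag per mount. */
struct mount {
    bool locked;
    struct mount *first_child, *next_sibling;
};

/* Unlocked helper: the caller must already keep the child list stable. */
static bool __has_locked_children(const struct mount *mnt)
{
    for (const struct mount *c = mnt->first_child; c; c = c->next_sibling)
        if (c->locked)
            return true;
    return false;
}

/* Wrapper for callers that hold no lock, the position may_decode_fh() was in. */
bool has_locked_children(const struct mount *mnt)
{
    pthread_mutex_lock(&mount_lock);
    bool res = __has_locked_children(mnt);
    pthread_mutex_unlock(&mount_lock);
    return res;
}

/* Writer: links a child under the same lock, so a walk never sees a torn list. */
void attach_child(struct mount *parent, struct mount *child)
{
    pthread_mutex_lock(&mount_lock);
    child->next_sibling = parent->first_child;
    parent->first_child = child;
    pthread_mutex_unlock(&mount_lock);
}

int main(void)
{
    struct mount root = {0}, child = { .locked = true };
    attach_child(&root, &child);
    printf("locked children: %d\n", has_locked_children(&root));
    return 0;
}
```

Keeping the helper static means code outside the file can only reach the list walk through the locking wrapper.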
How can this vulnerability impact me?
The race condition can trigger a kernel 'oops', which is a type of kernel crash. This can result in system instability, potential denial of service, or unexpected behavior in systems running the affected Linux kernel versions.