CVE-2025-38058

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38058

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38058.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38058

Downstream

BELL-CVE-2025-38058

DEBIAN-CVE-2025-38058

DSA-5973-1

ECHO-7404-5ab5-cdc5

OESA-2025-1726

SUSE-SU-2025:02846-1

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-38058

USN-7704-1

USN-7704-2

USN-7704-3

USN-7704-4

USN-7704-5

USN-7711-1

USN-7712-1

USN-7712-2

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

Related

Published

2025-06-18T10:15:38Z

Modified

2025-08-12T21:01:39Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

_legitimizemnt(): check for MNTSYNCUMOUNT should be under mount_lock

... or we risk stealing final mntput from sync umount - raising mntcount after umount(2) has verified that victim is not busy, but before it has set MNTSYNCUMOUNT; in that case _legitimizemnt() doesn't see that it's safe to quietly undo mntcount increment and leaves dropping the reference to caller, where it'll be a full-blown mntput().

Check under mount_lock is needed; leaving the current one done before taking that makes no sense - it's nowhere near common enough to bother with.

References

Affected packages