CVE-2025-38058

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38058
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38058.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38058
Downstream
Related
Published
2025-06-18T09:33:38.022Z
Modified
2026-05-15T04:13:31.886827314Z
Summary
__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
Details

In the Linux kernel, the following vulnerability has been resolved:

__legitimizemnt(): check for MNTSYNCUMOUNT should be under mountlock

... or we risk stealing final mntput from sync umount - raising mntcount after umount(2) has verified that victim is not busy, but before it has set MNTSYNC_UMOUNT; in that case __legitimizemnt() doesn't see that it's safe to quietly undo mntcount increment and leaves dropping the reference to caller, where it'll be a full-blown mntput().

Check under mount_lock is needed; leaving the current one done before taking that makes no sense - it's nowhere near common enough to bother with.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38058.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.13.0
Fixed
5.4.294
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.238
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.185
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.141
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.93
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.31
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38058.json"