CVE-2025-38058

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38058
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38058.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38058
Downstream
Related
Published
2025-06-18T10:15:38Z
Modified
2025-08-12T21:01:39Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

_legitimizemnt(): check for MNTSYNCUMOUNT should be under mount_lock

... or we risk stealing final mntput from sync umount - raising mntcount after umount(2) has verified that victim is not busy, but before it has set MNTSYNCUMOUNT; in that case _legitimizemnt() doesn't see that it's safe to quietly undo mntcount increment and leaves dropping the reference to caller, where it'll be a full-blown mntput().

Check under mount_lock is needed; leaving the current one done before taking that makes no sense - it's nowhere near common enough to bother with.

References

Affected packages