In the Linux kernel, the following vulnerability has been resolved:
fs/fhandle.c: fix a race in call of has_locked_children()
may_decode_fh() is calling has_locked_children() while holding no locks. That's an oopsable race...
The rest of the callers are safe since they are holding namespace_sem and are guaranteed a positive refcount on the mount in question.
Rename the current has_locked_children() to __has_locked_children(), make it static and switch the fs/namespace.c users to it.
Make has_locked_children() a wrapper for __has_locked_children(), calling the latter under read_seqlock_excl(&mount_lock).
[
{
"digest": {
"length": 271.0,
"function_hash": "102037988043678474628485659340079871435"
},
"target": {
"file": "fs/namespace.c",
"function": "has_locked_children"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@287c7d34eedd37af1272dfb3b6e8656f4f026424",
"id": "CVE-2025-38306-0bdb2a0b",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"length": 271.0,
"function_hash": "102037988043678474628485659340079871435"
},
"target": {
"file": "fs/namespace.c",
"function": "has_locked_children"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6482c3dccbfb8d20e2856ce67c75856859930b3f",
"id": "CVE-2025-38306-36a8144c",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"320567251743452621059779879447598821967",
"314538336672805227339801655166771996618",
"205158533590672709930309179697520792782",
"145533738849721156812884129730753363995",
"69553126334226563260035661953038644906",
"238958264319229867906847496784450063435",
"17208101411401182190066071149263445108",
"313544950747540737616117693862411054511",
"104400767629359453212385043366164896450",
"170211346477721293390228058716407806625",
"28683983011900933252203749506581511915",
"221417278103614851563102438509397352527",
"97624219604183340886502292686766515156",
"339433403731736792334755551076494154398",
"246013070428620311896877566705392572904",
"148295087075459662569032376408747600116",
"15728617353110950677190065466913551668",
"240520503380088774907148879608410882854",
"334290261735205961817222971885204016058"
],
"threshold": 0.9
},
"target": {
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@287c7d34eedd37af1272dfb3b6e8656f4f026424",
"id": "CVE-2025-38306-610783df",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"length": 271.0,
"function_hash": "102037988043678474628485659340079871435"
},
"target": {
"file": "fs/namespace.c",
"function": "has_locked_children"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f282cdc1d219c4a557f7009e81bc792820d9d9a",
"id": "CVE-2025-38306-6bb27aef",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"320567251743452621059779879447598821967",
"314538336672805227339801655166771996618",
"205158533590672709930309179697520792782",
"145533738849721156812884129730753363995",
"80339119545987343889880923326793540210",
"282653701557789697551335388384099288471",
"148686281145491656691663855958114056585",
"265683087169214642580915905246006171601",
"320555127435874644278204920336764902111",
"325235527251721112455046522954748854076",
"307410780325451380600183551283359304644",
"300996225140194464958803097604899174187",
"238876338235121698971050391513606559348",
"339433403731736792334755551076494154398",
"246013070428620311896877566705392572904",
"148295087075459662569032376408747600116",
"15728617353110950677190065466913551668",
"240520503380088774907148879608410882854",
"334290261735205961817222971885204016058"
],
"threshold": 0.9
},
"target": {
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6482c3dccbfb8d20e2856ce67c75856859930b3f",
"id": "CVE-2025-38306-d8194228",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"320567251743452621059779879447598821967",
"314538336672805227339801655166771996618",
"205158533590672709930309179697520792782",
"145533738849721156812884129730753363995",
"69553126334226563260035661953038644906",
"238958264319229867906847496784450063435",
"17208101411401182190066071149263445108",
"313544950747540737616117693862411054511",
"104400767629359453212385043366164896450",
"170211346477721293390228058716407806625",
"28683983011900933252203749506581511915",
"221417278103614851563102438509397352527",
"97624219604183340886502292686766515156",
"339433403731736792334755551076494154398",
"246013070428620311896877566705392572904",
"148295087075459662569032376408747600116",
"15728617353110950677190065466913551668",
"240520503380088774907148879608410882854",
"334290261735205961817222971885204016058"
],
"threshold": 0.9
},
"target": {
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f282cdc1d219c4a557f7009e81bc792820d9d9a",
"id": "CVE-2025-38306-f5d26d81",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
}
]