CVE-2025-38411

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38411
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38411.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38411
Published
2025-07-25T13:20:15Z
Modified
2025-10-18T03:43:58.780573Z
Summary
netfs: Fix double put of request
Details

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix double put of request

If a netfs request finishes during the pause loop, it will have the ref that belongs to the INPROGRESS flag removed at that point - however, if it then goes to the final wait loop, that will *also* put the ref because it sees that the INPROGRESS flag is clear and incorrectly assumes that this happened when it called the collector.

In fact, since INPROGRESS is clear, we shouldn't call the collector again since it's done all the cleanup, such as calling ->ki_complete().

Fix this by making netfs_collect_in_app() just return, indicating that we're done if INPROGRESS is removed.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
329ba1cb402ac328224965b8fc7a554a5150908e
Fixed
d18facba5a5795ad44b2a00a052e3db2fa77ab12
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2b1424cd131cfaba4cf7040473133d26cddac088
Fixed
9df7b5ebead649b00bf9a53a798e4bf83a1318fd

Affected versions

v6.*

v6.15
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.3
v6.15.4
v6.15.5
v6.16-rc1
v6.16-rc2

Database specific

vanir_signatures


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.15.3
Fixed
6.15.6