Linux Kernel Netfs Vulnerability Affecting Linux Systems
CVE-2025-38411

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38411?

A vulnerability in the Linux kernel's netfs subsystem could lead to improper reference counting during the lifecycle of netfs requests. Specifically, if a netfs request is completed during a pause loop, it mistakenly assumes the cleanup for that request is handled. This can lead to double decrementing of reference counts, potentially causing undefined behavior or stability issues. The issue has been addressed by modifying the behavior of netfs_collect_in_app() to correctly handle the IN_PROGRESS flag, ensuring proper cleanup and lifecycle management of requests.

Affected Version(s)

Linux 329ba1cb402ac328224965b8fc7a554a5150908e

Linux 2b1424cd131cfaba4cf7040473133d26cddac088 < 9df7b5ebead649b00bf9a53a798e4bf83a1318fd

Linux 6.16-rc1

References

https://git.kernel.org/stable/c/d18facba5a5795ad44b2a00a0...

https://git.kernel.org/stable/c/9df7b5ebead649b00bf9a53a7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025