Race Condition in Linux Kernel Netfs Component Affects Various Applications
CVE-2025-38492

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-38492?

A race condition vulnerability exists within the netfs component of the Linux kernel, where the setting of the ALL_QUEUED flag can occur after the last subrequest terminates during asynchronous write operations. This situation may prevent the collection of final notifications, resulting in a request hanging indefinitely. The vulnerability primarily affects applications utilizing netfslib, such as Ceph, during the copying of data to cache. A fix has been implemented to queue the collector after setting ALL_QUEUED, ensuring that requests are appropriately concluded even in the presence of asynchronous operations. Additionally, enhancements have been made to trace and monitor these processes effectively.

Affected Version(s)

Linux e2d46f2ec332533816417b60933954173f602121 < 110188a13c4853bd4c342e600ced4dfd26c3feb5

Linux e2d46f2ec332533816417b60933954173f602121 < 89635eae076cd8eaa5cb752f66538c9dc6c9fdc3

Linux 6.14

References

https://git.kernel.org/stable/c/110188a13c4853bd4c342e600...

https://git.kernel.org/stable/c/89635eae076cd8eaa5cb752f6...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 16, 2025