Use-after-free Vulnerability in Linux Kernel's CIFS Client
CVE-2025-38527
What is CVE-2025-38527?
A use-after-free exists in the Linux kernel's CIFS/SMB client, affecting the cifsInodeInfo structure (cinode) when an oplock break races with an unmount. cifs_oplock_break(), the work item that handles an oplock break sent by the server, releases its reference to the open file handle via _cifsFileInfo_put() before it has finished using cinode. If the unmount has already dropped the superblock's other references, that put releases the last one: the superblock is torn down, its inodes are evicted and freed, and the remainder of cifs_oplock_break() (the final cifs_done_oplock_break(cinode) step) then dereferences freed memory. Reaching the window requires a server-initiated oplock break to arrive while the share is being unmounted, so it is a race rather than something a local user can trigger deterministically on demand. The consequence is a kernel memory-safety violation: in practice a crash, and, as with any kernel use-after-free, potentially memory corruption or code execution under favourable heap conditions. The fix takes an additional reference on the superblock with cifs_sb_active() for the duration of the oplock break and drops it with cifs_sb_deactive() only after the last access to cinode, so superblock teardown cannot run in the middle of the critical section.
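The following userspace model is an added example, not code from the kernel or from the fix commit. It reproduces the ordering problem described above with plain integer reference counts: the pre-fix path drops the file reference and then keeps touching cinode, while the fixed path pins the superblock first and releases it last. All `model_*` names and the scenario set-up (umount has already dropped its own superblock reference, so the open file with the pending break holds the only one left) are simplifying assumptions of this example; the kernel functions named in comments are the real ones the model stands in for.

```c
/*
 * Userspace model of the race behind CVE-2025-38527. Illustration code,
 * not kernel code: reference counts are plain integers (single threaded,
 * no locking), and "freeing" an inode only sets a poison flag so the bad
 * access can be detected rather than corrupting memory.
 */
#include <stdio.h>

struct model_cinode;

struct model_sb {                 /* stands in for super_block + cifs_sb_info */
    int active;                   /* like cifs_sb_info->active */
    int torn_down;                /* set once the modelled kill_sb() has run */
    struct model_cinode *inode;   /* the one inode this superblock owns */
};

struct model_cinode {             /* stands in for struct cifsInodeInfo */
    struct model_sb *sb;
    int oplock;                   /* cached oplock/lease state */
    int freed;                    /* poison: set when the inode is evicted */
};

struct model_cfile {              /* stands in for struct cifsFileInfo */
    struct model_cinode *cinode;
    int count;
};

static void model_sb_active(struct model_sb *sb)
{
    sb->active++;
}

/* Dropping the last reference tears the superblock down, which evicts and
 * frees its inodes (generic_shutdown_super -> evict_inodes in the kernel). */
static void model_sb_deactive(struct model_sb *sb)
{
    if (--sb->active == 0) {
        sb->inode->freed = 1;
        sb->torn_down = 1;
    }
}

/* Like _cifsFileInfo_put(): the last file reference also releases the
 * superblock reference that the open file was holding. */
static void model_cfile_put(struct model_cfile *cfile)
{
    if (--cfile->count == 0)
        model_sb_deactive(cfile->cinode->sb);
}

/* Returns 1 if cinode is touched after it was freed (the UAF), else 0. */
static int touch_cinode(struct model_cinode *cinode)
{
    if (cinode->freed)
        return 1;
    cinode->oplock = 0;           /* e.g. cifs_done_oplock_break(cinode) */
    return 0;
}

/* Pre-fix shape: drop the file reference, then keep using cinode. */
int oplock_break_buggy(struct model_cfile *cfile)
{
    struct model_cinode *cinode = cfile->cinode;
    int uaf = touch_cinode(cinode);

    model_cfile_put(cfile);       /* may release the last superblock ref */
    uaf |= touch_cinode(cinode);  /* inode already evicted: use-after-free */
    return uaf;
}

/* Fixed shape: pin the superblock for the whole break, release it last. */
int oplock_break_fixed(struct model_cfile *cfile)
{
    struct model_cinode *cinode = cfile->cinode;
    struct model_sb *sb = cinode->sb;
    int uaf;

    model_sb_active(sb);          /* cifs_sb_active() in the real fix */
    uaf = touch_cinode(cinode);
    model_cfile_put(cfile);       /* no longer the last reference */
    uaf |= touch_cinode(cinode);  /* safe: our reference keeps sb alive */
    model_sb_deactive(sb);        /* cifs_sb_deactive(); teardown runs now */
    return uaf;
}

/* Scenario (assumed): umount already dropped its own superblock reference,
 * so the open file with the pending break holds the only one left. Runs
 * the given break path and returns its UAF flag; *torn_down (if non-NULL)
 * reports whether teardown still completed, which it must in both cases. */
int run_scenario(int (*brk)(struct model_cfile *), int *torn_down)
{
    struct model_sb sb = { 1, 0, 0 };
    struct model_cinode cinode = { &sb, 1, 0 };
    struct model_cfile cfile = { &cinode, 1 };
    int uaf;

    sb.inode = &cinode;
    uaf = brk(&cfile);
    if (torn_down)
        *torn_down = sb.torn_down;
    return uaf;
}

/* Convenience for checking that the fix only delays teardown, not skips it. */
int teardown_completed(int (*brk)(struct model_cfile *))
{
    int td = 0;

    run_scenario(brk, &td);
    return td;
}

int main(void)
{
    printf("buggy: uaf=%d\n", run_scenario(oplock_break_buggy, NULL));
    printf("fixed: uaf=%d\n", run_scenario(oplock_break_fixed, NULL));
    printf("fixed: teardown completed=%d\n", teardown_completed(oplock_break_fixed));
    return 0;
}
```

The point the model makes is that the fix does not add locking or change what cifs_oplock_break() does to cinode; it only changes when the superblock's last reference can be dropped, moving the teardown from the middle of the work item to its end.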
Affected Version(s)
The kernel CVE record expresses the affected range as git commits, in the form "introduced-by commit < fixed-by commit", with one line per branch that received the fix (mainline plus stable backports). The introducing commit is b98749cac4a6 ("CIFS: keep FileInfo handle live during oplock break"), which added the _cifsFileInfo_put() call to cifs_oplock_break(); any kernel containing that commit and none of the fix commits below is affected.
Linux b98749cac4a695f084a5ff076f4510b23e353ecd < 0a4eec84d4d2c4085d4ed8630fd74e4b39033c1b
Linux b98749cac4a695f084a5ff076f4510b23e353ecd < 2baaf5bbab2ac474c4f92c10fcb3310f824db995
Linux b98749cac4a695f084a5ff076f4510b23e353ecd < 09bce2138a30ef10d8821c8c3f73a4ab7a5726bc
To check a running kernel, confirm that its tree (or the distribution changelog) includes the fix commit for that branch; the version number alone is not sufficient for stable branches that received a backport.