Race Condition in Linux Kernel Affecting Inotify Functionality
CVE-2025-40237
What is CVE-2025-40237?
A race condition exists in the Linux kernel's inotify functionality. Calling inotify_show_fdinfo() on a file descriptor that watches an overlayfs inode while that filesystem is being unmounted can dereference a NULL pointer, because the superblock's root is modified and torn down during shutdown. The issue was identified with syzkaller and manifests as a general protection fault. The proposed fix wraps the call to exportfs_encode_fid() in the superblock's s_umount lock, so the encode step cannot run against a root pointer that has already been cleared to NULL. Alongside this fix, related kernel changes improve stability and performance while addressing this critical flaw.
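The following is an added illustration, not kernel code and not the patch for this CVE: a single-threaded C model of the defect class the advisory describes (a reader that dereferences a superblock root which the unmount path clears) next to the fix pattern it names (take the superblock's umount lock around the encode step, and skip the output if unmount is in progress). All identifiers (`sb_model`, `encode_fid_model`, `show_fdinfo_locked`, the `rwsem_model` helpers, inode number 42) are hypothetical stand-ins chosen for the example; the lock model is deliberately minimal and is not a real rw_semaphore.

```c
/* Added example: model of the inotify fdinfo vs. umount race and the
 * s_umount-lock fix pattern. Not kernel code; all names are stand-ins. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal rw-semaphore model: a writer excludes readers, readers never
 * block the writer in this single-threaded sketch. Stand-in for
 * sb->s_umount, which the real unmount path holds for write. */
struct rwsem_model { int readers; int writer; };

static int down_read_trylock_model(struct rwsem_model *l)
{
    if (l->writer)
        return 0;            /* umount holds it: caller must not wait */
    l->readers++;
    return 1;
}
static void up_read_model(struct rwsem_model *l)   { l->readers--; }
static void down_write_model(struct rwsem_model *l) { l->writer = 1; }
static void up_write_model(struct rwsem_model *l)   { l->writer = 0; }

struct inode_model { unsigned long ino; };

struct sb_model {
    struct rwsem_model s_umount;  /* stand-in for sb->s_umount */
    struct inode_model *s_root;   /* cleared while shutting down */
};

/* Shutdown path, split in two so a scenario can stop "mid-umount". */
static void shutdown_begin_model(struct sb_model *sb)
{
    down_write_model(&sb->s_umount);
    sb->s_root = NULL;            /* root is gone from here on */
}
static void shutdown_end_model(struct sb_model *sb)
{
    up_write_model(&sb->s_umount);
}

/* Encode step: dereferences the root unconditionally, which is the
 * hazard the advisory describes. Returns bytes written or -1. */
static int encode_fid_model(const struct sb_model *sb, char *buf, size_t len)
{
    int n = snprintf(buf, len, "fid:%lu", sb->s_root->ino);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Vulnerable pattern: no lock, so if shutdown has cleared s_root this
 * dereferences NULL (a general protection fault in the kernel). */
int show_fdinfo_unlocked(const struct sb_model *sb, char *buf, size_t len)
{
    return encode_fid_model(sb, buf, len) < 0 ? -1 : 1;
}

/* Fixed pattern: try the umount lock first. If unmount is in progress,
 * print nothing instead of touching the root; if the lock is taken but
 * the root is already gone, also print nothing. Returns 1 when a fid
 * was written, 0 when skipped, -1 on encode error. */
int show_fdinfo_locked(struct sb_model *sb, char *buf, size_t len)
{
    int ret = 0;
    buf[0] = '\0';
    if (!down_read_trylock_model(&sb->s_umount))
        return 0;
    if (sb->s_root)
        ret = encode_fid_model(sb, buf, len) < 0 ? -1 : 1;
    up_read_model(&sb->s_umount);
    return ret;
}

static struct inode_model root_inode = { 42 };   /* constructed sample */

static void init_sb(struct sb_model *sb)
{
    memset(sb, 0, sizeof *sb);
    sb->s_root = &root_inode;
}

/* Scenarios return 1 only when the observable outcome matches the
 * comment; they are what the stand-alone main() and the test check. */
int scenario_mounted(void)               /* fid printed: expect 1 */
{
    struct sb_model sb; char buf[32];
    init_sb(&sb);
    int r = show_fdinfo_locked(&sb, buf, sizeof buf);
    return r == 1 && strcmp(buf, "fid:42") == 0;
}
int scenario_umount_in_progress(void)    /* skipped, no deref: expect 1 */
{
    struct sb_model sb; char buf[32];
    init_sb(&sb);
    shutdown_begin_model(&sb);           /* writer held, s_root NULL */
    int r = show_fdinfo_locked(&sb, buf, sizeof buf);
    shutdown_end_model(&sb);
    return r == 0 && buf[0] == '\0';
}
int scenario_after_umount(void)          /* skipped, no deref: expect 1 */
{
    struct sb_model sb; char buf[32];
    init_sb(&sb);
    shutdown_begin_model(&sb);
    shutdown_end_model(&sb);             /* lock released, root still NULL */
    return show_fdinfo_locked(&sb, buf, sizeof buf) == 0;
}

int main(void)
{
    /* show_fdinfo_unlocked() is only safe to call before shutdown; after
     * shutdown_begin_model() it would dereference NULL, which is the bug. */
    printf("mounted=%d in_progress=%d after=%d\n", scenario_mounted(),
           scenario_umount_in_progress(), scenario_after_umount());
    return 0;
}
```

The design point is the trylock: the fdinfo reader must never sleep waiting for a lock that the unmount path holds, so a failed trylock is treated as "nothing to report" rather than an error, and the root is only dereferenced while the lock guarantees it cannot change underneath the reader.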
Affected Version(s)
Linux f0c0ac84de17c37e6e84da65fb920f91dada55ad
Linux 3c7c90274ae339e1ad443c9be1c67a20b80b9c76 < 3f307a9f7a7a2822e38ac451b73e2244e7279496
Linux c45beebfde34aa71afbc48b2c54cdda623515037