CVE-2025-38282

Summary

In the Linux kernel, the following vulnerability has been resolved:

kernfs: Relax constraint in draining guard

The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak – callers don't use it afterwards but it's important for proper pairing of kn->active counting. Assuming this mechanism is in place, the WARN check in kernfs_should_drain_open_files() is too sensitive – it may transiently catch those (rightful) callers between kernfs_unbreak_active_protection() and kernfs_put_active() as found out by Chen Ridong:

kernfs_remove_by_name_ns	kernfs_get_active // active=1
__kernfs_remove					  // active=0x80000002
kernfs_drain			...
wait_event
//waiting (active == 0x80000001)
				kernfs_break_active_protection
				// active = 0x80000001
// continue
				kernfs_unbreak_active_protection
				// active = 0x80000002
...
kernfs_should_drain_open_files
// warning occurs
				kernfs_put_active

To avoid the false positives (mind panic_on_warn) remove the check altogether. (This is meant as quick fix, I think active reference break/unbreak may be simplified with larger rework.)

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 < 2d6a67c2b3b87808a347dc1047b520a9dd177a4faffected
LinuxLinuxbdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 < 6c81f1c7812c61f187bed1b938f1d2e391d503abaffected
LinuxLinuxbdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 < 6bfb154f95d5f0ab7ed056f23aba8c1a94cb3927affected
LinuxLinuxbdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 < 72275c888f8962b406ee9c6885c79bf68cca5a63affected
LinuxLinuxbdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 < 071d8e4c2a3b0999a9b822e2eb8854784a350f8aaffected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.142 <= 6.1.*unaffected
LinuxLinux6.6.94 <= 6.6.*unaffected
LinuxLinux6.12.34 <= 6.12.*unaffected
LinuxLinux6.15.3 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References