CVE-2025-38282
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
kernfs: Relax constraint in draining guard
The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak – callers don't use it afterwards but it's important for proper pairing of kn->active counting. Assuming this mechanism is in place, the WARN check in kernfs_should_drain_open_files() is too sensitive – it may transiently catch those (rightful) callers between kernfs_unbreak_active_protection() and kernfs_put_active() as found out by Chen Ridong:
kernfs_remove_by_name_ns kernfs_get_active // active=1
__kernfs_remove // active=0x80000002
kernfs_drain ...
wait_event
//waiting (active == 0x80000001)
kernfs_break_active_protection
// active = 0x80000001
// continue
kernfs_unbreak_active_protection
// active = 0x80000002
...
kernfs_should_drain_open_files
// warning occurs
kernfs_put_active
To avoid the false positives (mind panic_on_warn) remove the check altogether. (This is meant as quick fix, I think active reference break/unbreak may be simplified with larger rework.)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | bdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 < 2d6a67c2b3b87808a347dc1047b520a9dd177a4f | affected |
| Linux | Linux | bdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 < 6c81f1c7812c61f187bed1b938f1d2e391d503ab | affected |
| Linux | Linux | bdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 < 6bfb154f95d5f0ab7ed056f23aba8c1a94cb3927 | affected |
| Linux | Linux | bdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 < 72275c888f8962b406ee9c6885c79bf68cca5a63 | affected |
| Linux | Linux | bdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 < 071d8e4c2a3b0999a9b822e2eb8854784a350f8a | affected |
| Linux | Linux | 6.1 | affected |
| Linux | Linux | 0 < 6.1 | unaffected |
| Linux | Linux | 6.1.142 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.94 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.34 <= 6.12.* | unaffected |
| Linux | Linux | 6.15.3 <= 6.15.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/2d6a67c2b3b87808a347dc1047b520a9dd177a4f
- https://git.kernel.org/stable/c/6c81f1c7812c61f187bed1b938f1d2e391d503ab
- https://git.kernel.org/stable/c/6bfb154f95d5f0ab7ed056f23aba8c1a94cb3927
- https://git.kernel.org/stable/c/72275c888f8962b406ee9c6885c79bf68cca5a63
- https://git.kernel.org/stable/c/071d8e4c2a3b0999a9b822e2eb8854784a350f8a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.