CVE-2025-40203

Summary

In the Linux kernel, the following vulnerability has been resolved:

listmount: don't call path_put() under namespace semaphore

Massage listmount() and make sure we don't call path_put() under the namespace semaphore. If we put the last reference we're fscked.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb4c2bea8ceaa50cd42a8f73667389d801a3ecf2d < 659874b7ee4976ad9ce476e07fd36bc67b3537f1affected
LinuxLinuxb4c2bea8ceaa50cd42a8f73667389d801a3ecf2d < 9c80da26fda2fdcaac7f92b5908875b3108830ffaffected
LinuxLinuxb4c2bea8ceaa50cd42a8f73667389d801a3ecf2d < c1f86d0ac322c7e77f6f8dbd216c65d39358ffc0affected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.12.54 <= 6.12.*unaffected
LinuxLinux6.17.4 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References