5.5

CVE-2025-38058

EPSS 0.02%
Veröffentlicht 18.06.2025 09:33:38
Zuletzt bearbeitet 18.12.2025 21:32:24
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock

... or we risk stealing final mntput from sync umount - raising mnt_count
after umount(2) has verified that victim is not busy, but before it
has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see
that it's safe to quietly undo mnt_count increment and leaves dropping
the reference to caller, where it'll be a full-blown mntput().

Check under mount_lock is needed; leaving the current one done before
taking that makes no sense - it's nowhere near common enough to bother
with.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.4.294

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.238

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.185

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.141

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.93

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.31

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.9

Linux ≫ Linux Kernel Version6.15 Updaterc1

Linux ≫ Linux Kernel Version6.15 Updaterc2

Linux ≫ Linux Kernel Version6.15 Updaterc3

Linux ≫ Linux Kernel Version6.15 Updaterc4

Linux ≫ Linux Kernel Version6.15 Updaterc5

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.06

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/628fb00195ce21a90cf9e4e3d105cd9e58f77b40

Patch

https://git.kernel.org/stable/c/b89eb56a378b7b2c1176787fc228d0a57172bdd5

Patch

https://git.kernel.org/stable/c/f6d45fd92f62845cbd1eb5128fd8f0ed7d0c5a42

Patch

https://git.kernel.org/stable/c/9b0915e72b3cf52474dcee0b24a2f99d93e604a3

Patch

https://git.kernel.org/stable/c/d8ece4ced3b051e656c77180df2e69e19e24edc1

Patch

https://git.kernel.org/stable/c/8cafd7266fa02e0863bacbf872fe635c0b9725eb

Patch

https://git.kernel.org/stable/c/b55996939c71a3e1a38f3cdc6a8859797efc9083

Patch

https://git.kernel.org/stable/c/250cf3693060a5f803c5f1ddc082bb06b16112a9

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-38058

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38058

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38058

EUVD