-
CVE-2025-38527
- EPSS 0.04%
- Veröffentlicht 16.08.2025 11:12:20
- Zuletzt bearbeitet 28.08.2025 15:15:51
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix use-after-free in cifs_oplock_break
A race condition can occur in cifs_oplock_break() leading to a
use-after-free of the cinode structure when unmounting:
cifs_oplock_break()
_cifsFileInfo_put(cfile)
cifsFileInfo_put_final()
cifs_sb_deactive()
[last ref, start releasing sb]
kill_sb()
kill_anon_super()
generic_shutdown_super()
evict_inodes()
dispose_list()
evict()
destroy_inode()
call_rcu(&inode->i_rcu, i_callback)
spin_lock(&cinode->open_file_lock) <- OK
[later] i_callback()
cifs_free_inode()
kmem_cache_free(cinode)
spin_unlock(&cinode->open_file_lock) <- UAF
cifs_done_oplock_break(cinode) <- UAF
The issue occurs when umount has already released its reference to the
superblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this
releases the last reference, triggering the immediate cleanup of all
inodes under RCU. However, cifs_oplock_break() continues to access the
cinode after this point, resulting in use-after-free.
Fix this by holding an extra reference to the superblock during the
entire oplock break operation. This ensures that the superblock and
its inodes remain valid until the oplock break completes.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
4256a483fe58af66a46cbf3dc48ff26e580d3308
Version
b98749cac4a695f084a5ff076f4510b23e353ecd
Status
affected
Version <
0a4eec84d4d2c4085d4ed8630fd74e4b39033c1b
Version
b98749cac4a695f084a5ff076f4510b23e353ecd
Status
affected
Version <
2baaf5bbab2ac474c4f92c10fcb3310f824db995
Version
b98749cac4a695f084a5ff076f4510b23e353ecd
Status
affected
Version <
09bce2138a30ef10d8821c8c3f73a4ab7a5726bc
Version
b98749cac4a695f084a5ff076f4510b23e353ecd
Status
affected
Version <
da11bd4b697b393a207f19a2ed7d382a811a3ddc
Version
b98749cac4a695f084a5ff076f4510b23e353ecd
Status
affected
Version <
705c79101ccf9edea5a00d761491a03ced314210
Version
b98749cac4a695f084a5ff076f4510b23e353ecd
Status
affected
Version
2429fcf06d3cb962693868ab0a927c9038f12a2d
Status
affected
Version
1ee4f2d7cdcd4508cc3cbe3b2622d7177b89da12
Status
affected
Version
53fc31a4853e30d6e8f142b824f724da27ff3e40
Status
affected
Version
8092ecc306d81186a64cda42411121f4d35aaff4
Status
affected
Version
ebac4d0adf68f8962bd82fcf483936edd6ec095b
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
5.1
Status
affected
Version <
5.1
Version
0
Status
unaffected
Version <=
5.15.*
Version
5.15.190
Status
unaffected
Version <=
6.1.*
Version
6.1.147
Status
unaffected
Version <=
6.6.*
Version
6.6.100
Status
unaffected
Version <=
6.12.*
Version
6.12.40
Status
unaffected
Version <=
6.15.*
Version
6.15.8
Status
unaffected
Version <=
*
Version
6.16
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.088 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|