-

CVE-2025-38615

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: cancle set bad inode after removing name fails

The reproducer uses a file0 on a ntfs3 file system with a corrupted i_link.
When renaming, the file0's inode is marked as a bad inode because the file
name cannot be deleted.

The underlying bug is that make_bad_inode() is called on a live inode.
In some cases it's "icache lookup finds a normal inode, d_splice_alias()
is called to attach it to dentry, while another thread decides to call
make_bad_inode() on it - that would evict it from icache, but we'd already
found it there earlier".
In some it's outright "we have an inode attached to dentry - that's how we
got it in the first place; let's call make_bad_inode() on it just for shits
and giggles".

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < b35a50d639ca5259466ef5fea85529bb4fb17d5b
Version 78ab59fee07f22464f32eafebab2bd97ba94ff2d
Status affected
Version < 3ed2cc6a6e93fbeb8c0cafce1e7fb1f64a331dcc
Version 78ab59fee07f22464f32eafebab2bd97ba94ff2d
Status affected
Version < 358d4f821c03add421a4c49290538a705852ccf1
Version 78ab59fee07f22464f32eafebab2bd97ba94ff2d
Status affected
Version < a285395020780adac1ffbc844069c3d700bf007a
Version 78ab59fee07f22464f32eafebab2bd97ba94ff2d
Status affected
Version < d99208b91933fd2a58ed9ed321af07dacd06ddc3
Version 78ab59fee07f22464f32eafebab2bd97ba94ff2d
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.15
Status affected
Version < 5.15
Version 0
Status unaffected
Version <= 6.6.*
Version 6.6.102
Status unaffected
Version <= 6.12.*
Version 6.12.42
Status unaffected
Version <= 6.15.*
Version 6.15.10
Status unaffected
Version <= 6.16.*
Version 6.16.1
Status unaffected
Version <= *
Version 6.17-rc1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.057
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String