Home

Description

In the Linux kernel, the following vulnerability has been resolved: fs/fhandle.c: fix a race in call of has_locked_children() may_decode_fh() is calling has_locked_children() while holding no locks. That's an oopsable race... The rest of the callers are safe since they are holding namespace_sem and are guaranteed a positive refcount on the mount in question. Rename the current has_locked_children() to __has_locked_children(), make it static and switch the fs/namespace.c users to it. Make has_locked_children() a wrapper for __has_locked_children(), calling the latter under read_seqlock_excl(&mount_lock).

PUBLISHED Reserved 2025-04-16 | Published 2025-07-10 | Updated 2026-05-11 | Assigner Linux

Product status

Default status
unaffected

620c266f394932e5decc4b34683a75dfc59dc2f4 (git) before 6482c3dccbfb8d20e2856ce67c75856859930b3f
affected

620c266f394932e5decc4b34683a75dfc59dc2f4 (git) before 287c7d34eedd37af1272dfb3b6e8656f4f026424
affected

620c266f394932e5decc4b34683a75dfc59dc2f4 (git) before 1f282cdc1d219c4a557f7009e81bc792820d9d9a
affected

Default status
affected

6.11
affected

Any version before 6.11
unaffected

6.12.46 (semver)
unaffected

6.15.3 (semver)
unaffected

6.16 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/6482c3dccbfb8d20e2856ce67c75856859930b3f

git.kernel.org/...c/287c7d34eedd37af1272dfb3b6e8656f4f026424

git.kernel.org/...c/1f282cdc1d219c4a557f7009e81bc792820d9d9a

cve.org (CVE-2025-38306)

nvd.nist.gov (CVE-2025-38306)

Download JSON