CVE-2025-40203
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-40203
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40203.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-40203
- Downstream
- Published
- 2025-11-12T21:56:34Z
- Modified
- 2025-11-13T03:29:51.061565Z
- Summary
- listmount: don't call path_put() under namespace semaphore
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
listmount: don't call path_put() under namespace semaphore
Massage listmount() and make sure we don't call path_put() under the namespace semaphore. If we put the last reference we're fscked.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb4c2bea8ceaa50cd42a8f73667389d801a3ecf2dFixed659874b7ee4976ad9ce476e07fd36bc67b3537f1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb4c2bea8ceaa50cd42a8f73667389d801a3ecf2dFixed9c80da26fda2fdcaac7f92b5908875b3108830ff
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb4c2bea8ceaa50cd42a8f73667389d801a3ecf2dFixedc1f86d0ac322c7e77f6f8dbd216c65d39358ffc0
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.46
v6.12.47
v6.12.48
v6.12.49
v6.12.5
v6.12.50
v6.12.51
v6.12.52
v6.12.53
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.17.3
v6.7
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"id": "CVE-2025-40203-08cea66a",
"target": {
"function": "do_listmount",
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9c80da26fda2fdcaac7f92b5908875b3108830ff",
"signature_type": "Function",
"digest": {
"function_hash": "338651850476768104050442178619986690255",
"length": 1160.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-40203-0da55272",
"target": {
"function": "SYSCALL_DEFINE4",
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@659874b7ee4976ad9ce476e07fd36bc67b3537f1",
"signature_type": "Function",
"digest": {
"function_hash": "3734719821555294734283006905015125586",
"length": 1154.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-40203-1223aef5",
"target": {
"function": "do_listmount",
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1f86d0ac322c7e77f6f8dbd216c65d39358ffc0",
"signature_type": "Function",
"digest": {
"function_hash": "338651850476768104050442178619986690255",
"length": 1160.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-40203-21d9e96d",
"target": {
"function": "SYSCALL_DEFINE4",
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9c80da26fda2fdcaac7f92b5908875b3108830ff",
"signature_type": "Function",
"digest": {
"function_hash": "3734719821555294734283006905015125586",
"length": 1154.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-40203-2e2f8066",
"target": {
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@659874b7ee4976ad9ce476e07fd36bc67b3537f1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"18440901194337947958802063388303787218",
"69670303904950224183255714428269125138",
"56782145542985555551858907783780923503",
"266827790450299731804773382769278979492",
"72366798086562181487965915496857104475",
"264206731786900505284732125867823551991",
"266911971722102645043272157606753251882",
"206800739427911408276857321635703320559",
"309699122807343202539107621676570820818",
"276698126140008189960057940885760283297",
"146852054277154336145717790852621398668",
"53354092400231092160386032259152077444",
"315816276704940855757054879665513895311",
"103370204686060879205861745154668751370",
"257258493915984275741014250725163592865",
"339554692921792505403172770922146090820",
"113057831776086534910153246898566455019",
"7118771535853736959288910061132533623",
"199952134471921504953544552241331157950",
"325221367273558931588287043738909002967",
"130278079496807128296370514975847316552",
"197205339380004272027251236906153772079",
"326146201076867165606343330815753948055",
"196155228727241546207389746800503829538",
"137432746000000037444183471546995934721",
"75340096470758541498217044652660767197",
"214716548088888550465127321092723854751",
"220806613963850199776691826523210223953",
"2181051281767284540410154747057742673",
"242918711432299185370191318192964045443",
"20030111209838545616420223963225947827",
"222713601933326629775103441808756484689",
"255710431328648043943929848173683038865",
"219588521303736591621633950687996216323",
"128695240857587893403896945968979448073",
"172214758165759881353154424717101050512",
"318287821912381376066966309487625755156",
"154434271330786937823451190409307002002",
"134583822944320237420319011716769355199",
"184430211835563663597983973191810821384",
"328506690572878769740121462594594987696",
"190848181702569245142764617826941847075",
"177973857027982692798146270637937800418",
"141529593487716676097456715807514587654",
"133383082789764457327772483521135055821",
"61901248793289996882485228529271318493",
"264006805477900283385024026473114965810",
"330361909045095673891205542560868695962",
"81239203051351443602110775925308432153",
"48742551488029209091221620226796016914",
"253200728530860263610448051455358213148",
"280630186912081381435355503905211276295",
"265299604743061070181983811499044063216",
"295685665192883965995258476011830796274"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-40203-50537e6d",
"target": {
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9c80da26fda2fdcaac7f92b5908875b3108830ff",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"18440901194337947958802063388303787218",
"69670303904950224183255714428269125138",
"56782145542985555551858907783780923503",
"266827790450299731804773382769278979492",
"72366798086562181487965915496857104475",
"264206731786900505284732125867823551991",
"266911971722102645043272157606753251882",
"206800739427911408276857321635703320559",
"309699122807343202539107621676570820818",
"276698126140008189960057940885760283297",
"146852054277154336145717790852621398668",
"53354092400231092160386032259152077444",
"315816276704940855757054879665513895311",
"103370204686060879205861745154668751370",
"257258493915984275741014250725163592865",
"339554692921792505403172770922146090820",
"113057831776086534910153246898566455019",
"7118771535853736959288910061132533623",
"199952134471921504953544552241331157950",
"325221367273558931588287043738909002967",
"130278079496807128296370514975847316552",
"197205339380004272027251236906153772079",
"326146201076867165606343330815753948055",
"196155228727241546207389746800503829538",
"137432746000000037444183471546995934721",
"75340096470758541498217044652660767197",
"214716548088888550465127321092723854751",
"220806613963850199776691826523210223953",
"2181051281767284540410154747057742673",
"242918711432299185370191318192964045443",
"20030111209838545616420223963225947827",
"222713601933326629775103441808756484689",
"255710431328648043943929848173683038865",
"219588521303736591621633950687996216323",
"128695240857587893403896945968979448073",
"172214758165759881353154424717101050512",
"318287821912381376066966309487625755156",
"154434271330786937823451190409307002002",
"134583822944320237420319011716769355199",
"184430211835563663597983973191810821384",
"328506690572878769740121462594594987696",
"190848181702569245142764617826941847075",
"177973857027982692798146270637937800418",
"141529593487716676097456715807514587654",
"133383082789764457327772483521135055821",
"61901248793289996882485228529271318493",
"264006805477900283385024026473114965810",
"330361909045095673891205542560868695962",
"81239203051351443602110775925308432153",
"48742551488029209091221620226796016914",
"253200728530860263610448051455358213148",
"280630186912081381435355503905211276295",
"265299604743061070181983811499044063216",
"295685665192883965995258476011830796274"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-40203-84fef80a",
"target": {
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1f86d0ac322c7e77f6f8dbd216c65d39358ffc0",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"18440901194337947958802063388303787218",
"69670303904950224183255714428269125138",
"56782145542985555551858907783780923503",
"266827790450299731804773382769278979492",
"72366798086562181487965915496857104475",
"264206731786900505284732125867823551991",
"266911971722102645043272157606753251882",
"206800739427911408276857321635703320559",
"309699122807343202539107621676570820818",
"276698126140008189960057940885760283297",
"146852054277154336145717790852621398668",
"53354092400231092160386032259152077444",
"315816276704940855757054879665513895311",
"103370204686060879205861745154668751370",
"257258493915984275741014250725163592865",
"339554692921792505403172770922146090820",
"113057831776086534910153246898566455019",
"7118771535853736959288910061132533623",
"199952134471921504953544552241331157950",
"325221367273558931588287043738909002967",
"130278079496807128296370514975847316552",
"197205339380004272027251236906153772079",
"326146201076867165606343330815753948055",
"196155228727241546207389746800503829538",
"137432746000000037444183471546995934721",
"75340096470758541498217044652660767197",
"214716548088888550465127321092723854751",
"220806613963850199776691826523210223953",
"2181051281767284540410154747057742673",
"242918711432299185370191318192964045443",
"20030111209838545616420223963225947827",
"222713601933326629775103441808756484689",
"255710431328648043943929848173683038865",
"219588521303736591621633950687996216323",
"128695240857587893403896945968979448073",
"172214758165759881353154424717101050512",
"318287821912381376066966309487625755156",
"154434271330786937823451190409307002002",
"134583822944320237420319011716769355199",
"184430211835563663597983973191810821384",
"328506690572878769740121462594594987696",
"190848181702569245142764617826941847075",
"177973857027982692798146270637937800418",
"141529593487716676097456715807514587654",
"133383082789764457327772483521135055821",
"61901248793289996882485228529271318493",
"264006805477900283385024026473114965810",
"330361909045095673891205542560868695962",
"81239203051351443602110775925308432153",
"48742551488029209091221620226796016914",
"253200728530860263610448051455358213148",
"280630186912081381435355503905211276295",
"265299604743061070181983811499044063216",
"295685665192883965995258476011830796274"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-40203-c2cd4b53",
"target": {
"function": "SYSCALL_DEFINE4",
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1f86d0ac322c7e77f6f8dbd216c65d39358ffc0",
"signature_type": "Function",
"digest": {
"function_hash": "3734719821555294734283006905015125586",
"length": 1154.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-40203-f1b30805",
"target": {
"function": "do_listmount",
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@659874b7ee4976ad9ce476e07fd36bc67b3537f1",
"signature_type": "Function",
"digest": {
"function_hash": "87504284860616300025125962752770581900",
"length": 1175.0
},
"deprecated": false,
"signature_version": "v1"
}
]