DEBIAN-CVE-2025-38306
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-38306
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-38306.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-38306
- Upstream
- Published
- 2025-07-10T08:15:29Z
- Modified
- 2025-09-25T04:40:52.149246Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: fs/fhandle.c: fix a race in call of haslockedchildren() maydecodefh() is calling haslockedchildren() while holding no locks. That's an oopsable race... The rest of the callers are safe since they are holding namespacesem and are guaranteed a positive refcount on the mount in question. Rename the current haslockedchildren() to _haslockedchildren(), make it static and switch the fs/namespace.c users to it. Make haslockedchildren() a wrapper for _haslockedchildren(), calling the latter under readseqlockexcl(&mountlock).
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.16.3-1
Affected versions
6.*
6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1
6.16.3-1~bpo13+1