CVE-2025-38058

__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count
after umount(2) has verified that victim is not busy, but before it
has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see
that it's safe to quietly undo mnt_count increment and leaves dropping
the reference to caller, where it'll be a full-blown mntput(). Check under mount_lock is needed; leaving the current one done before
taking that makes no sense - it's nowhere near common enough to bother
with.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-06-18 CVE Published
2025-06-18 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/628fb00195ce21a90cf9e4e3d105cd9e58f77b40	2025-06-04
https://git.kernel.org/stable/c/b89eb56a378b7b2c1176787fc228d0a57172bdd5	2025-06-04
https://git.kernel.org/stable/c/f6d45fd92f62845cbd1eb5128fd8f0ed7d0c5a42	2025-06-04
https://git.kernel.org/stable/c/9b0915e72b3cf52474dcee0b24a2f99d93e604a3	2025-06-04
https://git.kernel.org/stable/c/d8ece4ced3b051e656c77180df2e69e19e24edc1	2025-06-04
https://git.kernel.org/stable/c/8cafd7266fa02e0863bacbf872fe635c0b9725eb	2025-05-29
https://git.kernel.org/stable/c/b55996939c71a3e1a38f3cdc6a8859797efc9083	2025-05-29
https://git.kernel.org/stable/c/250cf3693060a5f803c5f1ddc082bb06b16112a9	2025-05-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.294 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.294"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.238 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.238"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.185 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.185"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.141 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.141"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.93 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.12.31 Search vendor "Linux" for product "Linux Kernel" and version " < 6.12.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.14.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.14.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.15 Search vendor "Linux" for product "Linux Kernel" and version " < 6.15"		en		Affected