CVE-2025-38276Improper Locking in Linux

CWE-667Improper Locking5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJul 10

Description

In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25ca ("fs/dax: don't skip locked entries when scanning entries") introduced a new function, wait_entry_unlocked_exclusive(), which waits for the current entry to become unlocked without advancing the XArray iterator state. Waiting for the entry to become unlocked requires dropping the XArray lock. This requires calling xas_pause() prior to dropping t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel6.156.15.3
CVEListV5linux/linux6be3e21d25ca2dbb7ca4f3f7db808a3e1a944bd161009dd2252ab4391d44a240e891f1e04c00b9ca+2
debiandebian/linux

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-rpxc-pcjp-7jp2: In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25c2025-07-10
OSV
CVE-2025-38276: In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25ca2025-07-10

📋Vendor Advisories

2
Red Hat
kernel: fs/dax: Fix "don't skip locked entries when scanning entries"2025-07-10
Debian
CVE-2025-38276: linux - In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix...2025
CVE-2025-38276 — Improper Locking in Linux | cvebase