CVE-2025-37988

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns a couple of races in MNT TREE BENEATH handling by do move mount(). Normally, do lock mount() locks a mountpoint pinned by the path, but in the 'beneath' case, the object being locked is not the one the path points to. It's the mountpoint of path->mnt, and without sufficient locking, ->mnt parent may change, and none of the locks are held at that point. The fix involves grabbing both dentry and mount at the same time to make inode lock() safe and avoid the problem with the filesystem getting shut down.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-911CWE-362

Related Identifiers

BDU:2025-12366

CVE-2025-37988

MGASA-2025-0182

MGASA-2025-0183

OESA-2025-1594

OESA-2025-1595

USN-7594-1

USN-7594-2

USN-7594-3

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2025-37988

Weakness Enumeration

Related Identifiers

Affected Products

References · 1449