CVE-2025-38282

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:

Linux kernel (affected versions not specified)

Description:

The Linux kernel contains a flaw within the kernfs subsystem related to the active reference lifecycle and draining guard mechanisms. The kernfs should drain open files() check was overly sensitive, potentially triggering false positives during legitimate operations between kernfs unbreak active protection() and kernfs put active(). This issue stemmed from the active reference not being truly active after unbreak, despite being crucial for accurate counting.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

AZL-65022

BDU:2025-09675

CVE-2025-38282

DLA-4328-1

DSA-5973-1

ECHO-4451-2E3D-A649

MGASA-2025-0218

MGASA-2025-0219

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2025-38282

Name of the Vulnerable Software and Affected Versions:

Description:

Recommendations:

Weakness Enumeration

Related Identifiers

Affected Products

References · 1336