CVE-2025-38527

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A race condition in cifs oplock break() can lead to a use-after-free of the cinode structure during unmounting. This occurs when umount releases its reference to the superblock, triggering cleanup of inodes under RCU while cifs oplock break() continues to access the cinode after it has been freed. The issue arises from accessing the cinode structure after its memory has been released, specifically within the function call sequence: cifs oplock break(), cifsFileInfo put(), cifs sb deactive(), and subsequent RCU cleanup.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.