CVE-2025-38580

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains a flaw within the ext4 filesystem implementation. Specifically, a use-after-free issue can occur in the ext4 end io rsv work() function. This is due to inconsistencies in checks within ext4 io end defer completion() and ext4 put io end defer(), potentially leading to an inode being freed before ext4 end io rsv work() is called. The issue is related to the handling of io end structures and the i rsv conversion list. Refactoring ext4 put io end defer() to directly call ext4 io end defer completion() and adding an ext4 emergency state() check are part of the resolution.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.