CVE-2025-38615

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains a flaw within the fs/ntfs3 component where a live inode can be incorrectly marked as a bad inode during file renaming operations, specifically when a file name cannot be deleted. This occurs due to the make bad inode() function being called on an inode that is currently in use. The issue arises when an inode is found through the icache, attached to a dentry, and then simultaneously marked as bad by another thread.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2026-02822

CVE-2025-38615

ECHO-84CE-4FC8-6AD8

MGASA-2025-0234

MGASA-2025-0235

OESA-2025-2407

OESA-2025-2408

OESA-2025-2532

OESA-2025-2536

OESA-2025-2537

USN-7879-1

USN-7879-2

USN-7879-3

USN-7879-4

USN-7880-1

USN-7934-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-38615

Weakness Enumeration

Related Identifiers

Affected Products

References · 1364