PT-2026-2595 · Linux · Linux Kernel

Published: 2026-01-13 · Updated: 2026-04-20 · CVE-2025-71074

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A race condition exists within the functionfs implementation, specifically in the ffs_epfile_open() function. This condition can occur when a file is opened and removed concurrently, potentially leading to a use-after-free condition on subsequent read or write operations. The issue stems from the misuse of ffs->opened and inconsistencies in atomic operations. Specifically, the use of atomic_dec_and_test() versus atomic_add_return() creates a window where an object remains visible despite being freed. The vulnerability is addressed by serializing openers on ffs->mutex, utilizing atomic_inc_not_zero() for dynamic files, marking inodes of dynamic files upon removal, and verifying file state during the open process.
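
The counter pattern named in the description, shown as an added user-space model in C11 atomics (not kernel code and not the functionfs source): an unconditional increment lets a late opener revive a counter that has already reached zero, while an increment-unless-zero refuses. The struct, function names and scenario are hypothetical and constructed for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model using C11 atomics; not kernel code. 'opened' is a hypothetical
 * stand-in for a counter such as ffs->opened; 0 means teardown has begun. */
struct obj { atomic_int opened; };

/* Release: true when the last reference was dropped (atomic_dec_and_test() role). */
static bool obj_put(struct obj *o)
{
    return atomic_fetch_sub(&o->opened, 1) == 1;
}

/* Racy acquire, atomic_add_return() shape: bump first, look afterwards.
 * A count that was already 0 becomes 1, so the dying object looks live. */
static bool obj_get_racy(struct obj *o)
{
    return atomic_fetch_add(&o->opened, 1) + 1 > 0;
}

/* Safe acquire, atomic_inc_not_zero() shape: a compare-and-swap loop
 * that never moves the count off 0, so a dead object stays dead. */
static bool obj_get_not_zero(struct obj *o)
{
    int old = atomic_load(&o->opened);
    while (old != 0)
        if (atomic_compare_exchange_weak(&o->opened, &old, old + 1))
            return true;   /* on failure 'old' is reloaded and we retry */
    return false;
}

/* Constructed scenario: the last close completes, then a late opener
 * arrives. Returns the counter value the late opener leaves behind. */
static int late_open_count(bool use_not_zero, bool *acquired)
{
    struct obj o;
    atomic_init(&o.opened, 1);
    obj_put(&o);
    *acquired = use_not_zero ? obj_get_not_zero(&o) : obj_get_racy(&o);
    return atomic_load(&o.opened);
}

int main(void)
{
    bool a, b;
    int racy = late_open_count(false, &a), safe = late_open_count(true, &b);
    printf("racy: count=%d got=%d | inc_not_zero: count=%d got=%d\n", racy, a, safe, b);
}
```

In the racy path the late opener succeeds and leaves the counter at 1 on an object whose teardown has already started, which is the precondition for the use-after-free on later read or write.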
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2025-71074
ECHO-9A63-FDF2-1287

Affected Products

Linux Kernel