CVE-2025-38411

{"id": "CVE-2025-38411", "cveTags": [], "metrics": {}, "published": "2025-07-25T14:15:32.790", "references": [{"url": "https://git.kernel.org/stable/c/9df7b5ebead649b00bf9a53a798e4bf83a1318fd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d18facba5a5795ad44b2a00a052e3db2fa77ab12", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix double put of request\n\nIf a netfs request finishes during the pause loop, it will have the ref\nthat belongs to the IN_PROGRESS flag removed at that point - however, if it\nthen goes to the final wait loop, that will *also* put the ref because it\nsees that the IN_PROGRESS flag is clear and incorrectly assumes that this\nhappened when it called the collector.\n\nIn fact, since IN_PROGRESS is clear, we shouldn't call the collector again\nsince it's done all the cleanup, such as calling ->ki_complete().\n\nFix this by making netfs_collect_in_app() just return, indicating that\nwe're done if IN_PROGRESS is removed."}], "lastModified": "2025-07-25T15:29:19.837", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}