CVE-2025-38357

{"id": "CVE-2025-38357", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-07-25T13:15:24.463", "references": [{"url": "https://git.kernel.org/stable/c/b48878aee8e7311411148c7a67c8f0b02f571d75", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/befd9a71d859ea625eaa84dae1b243efb3df3eca", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: fix runtime warning on truncate_folio_batch_exceptionals()\n\nThe WARN_ON_ONCE is introduced on truncate_folio_batch_exceptionals() to\ncapture whether the filesystem has removed all DAX entries or not.\n\nAnd the fix has been applied on the filesystem xfs and ext4 by the commit\n0e2f80afcfa6 (\"fs/dax: ensure all pages are idle prior to filesystem\nunmount\").\n\nApply the missed fix on filesystem fuse to fix the runtime warning:\n\n[ 2.011450] ------------[ cut here ]------------\n[ 2.011873] WARNING: CPU: 0 PID: 145 at mm/truncate.c:89 truncate_folio_batch_exceptionals+0x272/0x2b0\n[ 2.012468] Modules linked in:\n[ 2.012718] CPU: 0 UID: 1000 PID: 145 Comm: weston Not tainted 6.16.0-rc2-WSL2-STABLE #2 PREEMPT(undef)\n[ 2.013292] RIP: 0010:truncate_folio_batch_exceptionals+0x272/0x2b0\n[ 2.013704] Code: 48 63 d0 41 29 c5 48 8d 1c d5 00 00 00 00 4e 8d 6c 2a 01 49 c1 e5 03 eb 09 48 83 c3 08 49 39 dd 74 83 41 f6 44 1c 08 01 74 ef <0f> 0b 49 8b 34 1e 48 89 ef e8 10 a2 17 00 eb df 48 8b 7d 00 e8 35\n[ 2.014845] RSP: 0018:ffffa47ec33f3b10 EFLAGS: 00010202\n[ 2.015279] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[ 2.015884] RDX: 0000000000000000 RSI: ffffa47ec33f3ca0 RDI: ffff98aa44f3fa80\n[ 2.016377] RBP: ffff98aa44f3fbf0 R08: ffffa47ec33f3ba8 R09: 0000000000000000\n[ 2.016942] R10: 0000000000000001 R11: 0000000000000000 R12: ffffa47ec33f3ca0\n[ 2.017437] R13: 0000000000000008 R14: ffffa47ec33f3ba8 R15: 0000000000000000\n[ 2.017972] FS: 000079ce006afa40(0000) GS:ffff98aade441000(0000) knlGS:0000000000000000\n[ 2.018510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 2.018987] CR2: 000079ce03e74000 CR3: 000000010784f006 CR4: 0000000000372eb0\n[ 2.019518] Call Trace:\n[ 2.019729] <TASK>\n[ 2.019901] truncate_inode_pages_range+0xd8/0x400\n[ 2.020280] ? timerqueue_add+0x66/0xb0\n[ 2.020574] ? get_nohz_timer_target+0x2a/0x140\n[ 2.020904] ? timerqueue_add+0x66/0xb0\n[ 2.021231] ? timerqueue_del+0x2e/0x50\n[ 2.021646] ? __remove_hrtimer+0x39/0x90\n[ 2.022017] ? srso_alias_untrain_ret+0x1/0x10\n[ 2.022497] ? psi_group_change+0x136/0x350\n[ 2.023046] ? _raw_spin_unlock+0xe/0x30\n[ 2.023514] ? finish_task_switch.isra.0+0x8d/0x280\n[ 2.024068] ? __schedule+0x532/0xbd0\n[ 2.024551] fuse_evict_inode+0x29/0x190\n[ 2.025131] evict+0x100/0x270\n[ 2.025641] ? _atomic_dec_and_lock+0x39/0x50\n[ 2.026316] ? __pfx_generic_delete_inode+0x10/0x10\n[ 2.026843] __dentry_kill+0x71/0x180\n[ 2.027335] dput+0xeb/0x1b0\n[ 2.027725] __fput+0x136/0x2b0\n[ 2.028054] __x64_sys_close+0x3d/0x80\n[ 2.028469] do_syscall_64+0x6d/0x1b0\n[ 2.028832] ? clear_bhb_loop+0x30/0x80\n[ 2.029182] ? clear_bhb_loop+0x30/0x80\n[ 2.029533] ? clear_bhb_loop+0x30/0x80\n[ 2.029902] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 2.030423] RIP: 0033:0x79ce03d0d067\n[ 2.030820] Code: b8 ff ff ff ff e9 3e ff ff ff 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 c3 a7 f8 ff\n[ 2.032354] RSP: 002b:00007ffef0498948 EFLAGS: 00000246 ORIG_RAX: 0000000000000003\n[ 2.032939] RAX: ffffffffffffffda RBX: 00007ffef0498960 RCX: 000079ce03d0d067\n[ 2.033612] RDX: 0000000000000003 RSI: 0000000000001000 RDI: 000000000000000d\n[ 2.034289] RBP: 00007ffef0498a30 R08: 000000000000000d R09: 0000000000000000\n[ 2.034944] R10: 00007ffef0498978 R11: 0000000000000246 R12: 0000000000000001\n[ 2.035610] R13: 00007ffef0498960 R14: 000079ce03e09ce0 R15: 0000000000000003\n[ 2.036301] </TASK>\n[ 2.036532] ---[ end trace 0000000000000000 ]---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fuse: correcci\u00f3n de la advertencia de tiempo de ejecuci\u00f3n en truncate_folio_batch_exceptionals(). Se introduce WARN_ON_ONCE en truncate_folio_batch_exceptionals() para detectar si el sistema de archivos ha eliminado todas las entradas DAX. La correcci\u00f3n se ha aplicado a los sistemas de archivos xfs y ext4 mediante el commit 0e2f80afcfa6 (\"fs/dax: asegurar que todas las p\u00e1ginas est\u00e9n inactivas antes de desmontar el sistema de archivos\"). Aplique la correcci\u00f3n que falt\u00f3 en el fusible del sistema de archivos para corregir la advertencia de tiempo de ejecuci\u00f3n: [ 2.011450] ------------[ cut here ]------------ [ 2.011873] WARNING: CPU: 0 PID: 145 at mm/truncate.c:89 truncate_folio_batch_exceptionals+0x272/0x2b0 [ 2.012468] Modules linked in: [ 2.012718] CPU: 0 UID: 1000 PID: 145 Comm: weston Not tainted 6.16.0-rc2-WSL2-STABLE #2 PREEMPT(undef) [ 2.013292] RIP: 0010:truncate_folio_batch_exceptionals+0x272/0x2b0 [ 2.013704] Code: 48 63 d0 41 29 c5 48 8d 1c d5 00 00 00 00 4e 8d 6c 2a 01 49 c1 e5 03 eb 09 48 83 c3 08 49 39 dd 74 83 41 f6 44 1c 08 01 74 ef &lt;0f&gt; 0b 49 8b 34 1e 48 89 ef e8 10 a2 17 00 eb df 48 8b 7d 00 e8 35 [ 2.014845] RSP: 0018:ffffa47ec33f3b10 EFLAGS: 00010202 [ 2.015279] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 2.015884] RDX: 0000000000000000 RSI: ffffa47ec33f3ca0 RDI: ffff98aa44f3fa80 [ 2.016377] RBP: ffff98aa44f3fbf0 R08: ffffa47ec33f3ba8 R09: 0000000000000000 [ 2.016942] R10: 0000000000000001 R11: 0000000000000000 R12: ffffa47ec33f3ca0 [ 2.017437] R13: 0000000000000008 R14: ffffa47ec33f3ba8 R15: 0000000000000000 [ 2.017972] FS: 000079ce006afa40(0000) GS:ffff98aade441000(0000) knlGS:0000000000000000 [ 2.018510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2.018987] CR2: 000079ce03e74000 CR3: 000000010784f006 CR4: 0000000000372eb0 [ 2.019518] Call Trace: [ 2.019729] [ 2.019901] truncate_inode_pages_range+0xd8/0x400 [ 2.020280] ? timerqueue_add+0x66/0xb0 [ 2.020574] ? get_nohz_timer_target+0x2a/0x140 [ 2.020904] ? timerqueue_add+0x66/0xb0 [ 2.021231] ? timerqueue_del+0x2e/0x50 [ 2.021646] ? __remove_hrtimer+0x39/0x90 [ 2.022017] ? srso_alias_untrain_ret+0x1/0x10 [ 2.022497] ? psi_group_change+0x136/0x350 [ 2.023046] ? _raw_spin_unlock+0xe/0x30 [ 2.023514] ? finish_task_switch.isra.0+0x8d/0x280 [ 2.024068] ? __schedule+0x532/0xbd0 [ 2.024551] fuse_evict_inode+0x29/0x190 [ 2.025131] evict+0x100/0x270 [ 2.025641] ? _atomic_dec_and_lock+0x39/0x50 [ 2.026316] ? __pfx_generic_delete_inode+0x10/0x10 [ 2.026843] __dentry_kill+0x71/0x180 [ 2.027335] dput+0xeb/0x1b0 [ 2.027725] __fput+0x136/0x2b0 [ 2.028054] __x64_sys_close+0x3d/0x80 [ 2.028469] do_syscall_64+0x6d/0x1b0 [ 2.028832] ? clear_bhb_loop+0x30/0x80 [ 2.029182] ? clear_bhb_loop+0x30/0x80 [ 2.029533] ? clear_bhb_loop+0x30/0x80 [ 2.029902] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 2.030423] RIP: 0033:0x79ce03d0d067 [ 2.030820] Code: b8 ff ff ff ff e9 3e ff ff ff 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 &lt;48&gt; 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 c3 a7 f8 ff [ 2.032354] RSP: 002b:00007ffef0498948 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 2.032939] RAX: ffffffffffffffda RBX: 00007ffef0498960 RCX: 000079ce03d0d067 [ 2.033612] RDX: 0000000000000003 RSI: 0000000000001000 RDI: 000000000000000d [ 2.034289] RBP: 00007ffef0498a30 R08: 000000000000000d R09: 0000000000000000 [ 2.034944] R10: 00007ffef0498978 R11: 0000000000000246 R12: 0000000000000001 [ 2.035610] R13: 00007ffef0498960 R14: 000079ce03e09ce0 R15: 0000000000000003 [ 2.036301] [ 2.036532] ---[ end trace 0000000000000000 ]---"}], "lastModified": "2025-11-18T20:35:35.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4823E88-411C-4CCD-AA8D-3917D070E873", "versionEndExcluding": "6.15.5", "versionStartIncluding": "6.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09709862-E348-4378-8632-5A7813EDDC86"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "415BF58A-8197-43F5-B3D7-D1D63057A26E"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}