Acknowledged
Created: Jul 10, 2025
Updated: Jul 14, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

kernfs: Relax constraint in draining guard

The active reference lifecycle provides the break/unbreak mechanism but
the active reference is not truly active after unbreak -- callers don't
use it afterwards but it's important for proper pairing of kn->active
counting. Assuming this mechanism is in place, the WARN check in
kernfs_should_drain_open_files() is too sensitive -- it may transiently
catch those (rightful) callers between
kernfs_unbreak_active_protection() and kernfs_put_active() as found out by Chen
Ridong:

        kernfs_remove_by_name_ns        kernfs_get_active // active=1
        __kernfs_remove                                   // active=0x80000002
        kernfs_drain                    ...
        wait_event
        //waiting (active == 0x80000001)
                                        kernfs_break_active_protection
                                        // active = 0x80000001
        // continue
                                        kernfs_unbreak_active_protection
                                        // active = 0x80000002
        ...
        kernfs_should_drain_open_files
        // warning occurs
                                        kernfs_put_active

To avoid the false positives (mind panic_on_warn) remove the check altogether.
(This is meant as quick fix, I think active reference break/unbreak may be
simplified with larger rework.)
CREATE(Triage):(User=admin) [CVE-2025-38282 (https://nvd.nist.gov/vuln/detail/CVE-2025-38282)