{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38058","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.979Z","datePublished":"2025-06-18T09:33:38.022Z","dateUpdated":"2026-05-12T12:04:23.226Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:20:27.464Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see\nthat it's safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it'll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it's nowhere near common enough to bother\nwith."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/namespace.c"],"versions":[{"version":"48a066e72d970a3e225a9c18690d570c736fc455","lessThan":"628fb00195ce21a90cf9e4e3d105cd9e58f77b40","status":"affected","versionType":"git"},{"version":"48a066e72d970a3e225a9c18690d570c736fc455","lessThan":"b89eb56a378b7b2c1176787fc228d0a57172bdd5","status":"affected","versionType":"git"},{"version":"48a066e72d970a3e225a9c18690d570c736fc455","lessThan":"f6d45fd92f62845cbd1eb5128fd8f0ed7d0c5a42","status":"affected","versionType":"git"},{"version":"48a066e72d970a3e225a9c18690d570c736fc455","lessThan":"9b0915e72b3cf52474dcee0b24a2f99d93e604a3","status":"affected","versionType":"git"},{"version":"48a066e72d970a3e225a9c18690d570c736fc455","lessThan":"d8ece4ced3b051e656c77180df2e69e19e24edc1","status":"affected","versionType":"git"},{"version":"48a066e72d970a3e225a9c18690d570c736fc455","lessThan":"8cafd7266fa02e0863bacbf872fe635c0b9725eb","status":"affected","versionType":"git"},{"version":"48a066e72d970a3e225a9c18690d570c736fc455","lessThan":"b55996939c71a3e1a38f3cdc6a8859797efc9083","status":"affected","versionType":"git"},{"version":"48a066e72d970a3e225a9c18690d570c736fc455","lessThan":"250cf3693060a5f803c5f1ddc082bb06b16112a9","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/namespace.c"],"versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","status":"unaffected","versionType":"semver"},{"version":"5.4.294","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.238","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.185","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.141","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.93","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.31","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.9","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.4.294"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.10.238"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.15.185"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.1.141"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.6.93"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.12.31"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.14.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/628fb00195ce21a90cf9e4e3d105cd9e58f77b40"},{"url":"https://git.kernel.org/stable/c/b89eb56a378b7b2c1176787fc228d0a57172bdd5"},{"url":"https://git.kernel.org/stable/c/f6d45fd92f62845cbd1eb5128fd8f0ed7d0c5a42"},{"url":"https://git.kernel.org/stable/c/9b0915e72b3cf52474dcee0b24a2f99d93e604a3"},{"url":"https://git.kernel.org/stable/c/d8ece4ced3b051e656c77180df2e69e19e24edc1"},{"url":"https://git.kernel.org/stable/c/8cafd7266fa02e0863bacbf872fe635c0b9725eb"},{"url":"https://git.kernel.org/stable/c/b55996939c71a3e1a38f3cdc6a8859797efc9083"},{"url":"https://git.kernel.org/stable/c/250cf3693060a5f803c5f1ddc082bb06b16112a9"}],"title":"__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:33:27.007Z"}},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T12:04:23.226Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.5","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.5","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.5","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.5","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.5","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"}]}]}}