CVE-2025-38282

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 10/07/2025
Last modified: 18/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

kernfs: Relax constraint in draining guard

The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak -- callers don't use it afterwards but it's important for proper pairing of kn->active counting. Assuming this mechanism is in place, the WARN check in kernfs_should_drain_open_files() is too sensitive -- it may transiently catch those (rightful) callers between kernfs_unbreak_active_protection() and kernfs_put_active() as found out by Chen Ridong:

    kernfs_remove_by_name_ns            kernfs_get_active // active=1
    __kernfs_remove                                       // active=0x80000002
    kernfs_drain                        ...
    wait_event
    //waiting (active == 0x80000001)
                                        kernfs_break_active_protection
                                        // active = 0x80000001
    // continue
                                        kernfs_unbreak_active_protection
                                        // active = 0x80000002
                                        ...
                                        kernfs_should_drain_open_files
                                        // warning occurs
                                        kernfs_put_active

To avoid the false positives (mind panic_on_warn) remove the check altogether. (This is meant as quick fix, I think active reference break/unbreak may be simplified with larger rework.)

Vulnerable products and versions

CPE                                              From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.1 (including)    6.1.142 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.2 (including)    6.6.94 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.7 (including)    6.12.34 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.13 (including)   6.15.3 (excluding)
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*