CVE-2025-38615

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fs/ntfs3: cancle set bad inode after removing name fails<br /> <br /> The reproducer uses a file0 on a ntfs3 file system with a corrupted i_link.<br /> When renaming, the file0&amp;#39;s inode is marked as a bad inode because the file<br /> name cannot be deleted.<br /> <br /> The underlying bug is that make_bad_inode() is called on a live inode.<br /> In some cases it&amp;#39;s "icache lookup finds a normal inode, d_splice_alias()<br /> is called to attach it to dentry, while another thread decides to call<br /> make_bad_inode() on it - that would evict it from icache, but we&amp;#39;d already<br /> found it there earlier".<br /> In some it&amp;#39;s outright "we have an inode attached to dentry - that&amp;#39;s how we<br /> got it in the first place; let&amp;#39;s call make_bad_inode() on it just for shits<br /> and giggles".