CVE-2025-38615
Published: Aug 19, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted i_link. When renaming, the file0's inode is marked as a bad inode because the file name cannot be deleted. The underlying bug is that make_bad_inode() is called on a live inode. In some cases it's "icache lookup finds a normal inode, d_splice_alias() is called to attach it to dentry, while another thread decides to call make_bad_inode() on it - that would evict it from icache, but we'd already found it there earlier". In some it's outright "we have an inode attached to dentry - that's how we got it in the first place; let's call make_bad_inode() on it just for shits and giggles".
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 78ab59fee07f22464f32eafebab2bd97ba94ff2d - < b35a50d639ca5259466ef5fea85529bb4fb17d5baffected 78ab59fee07f22464f32eafebab2bd97ba94ff2d - < 3ed2cc6a6e93fbeb8c0cafce1e7fb1f64a331dccaffected 78ab59fee07f22464f32eafebab2bd97ba94ff2d - < 358d4f821c03add421a4c49290538a705852ccf1affected 78ab59fee07f22464f32eafebab2bd97ba94ff2d - < a285395020780adac1ffbc844069c3d700bf007aaffected 78ab59fee07f22464f32eafebab2bd97ba94ff2d - < d99208b91933fd2a58ed9ed321af07dacd06ddc3 |
Linux | Linux | affected 5.15unaffected 0 - < 5.15unaffected 6.6.102 - <= 6.6.*unaffected 6.12.42 - <= 6.12.*unaffected 6.15.10 - <= 6.15.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now