{"id":"CVE-2025-38411","summary":"netfs: Fix double put of request","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix double put of request\n\nIf a netfs request finishes during the pause loop, it will have the ref\nthat belongs to the IN_PROGRESS flag removed at that point - however, if it\nthen goes to the final wait loop, that will *also* put the ref because it\nsees that the IN_PROGRESS flag is clear and incorrectly assumes that this\nhappened when it called the collector.\n\nIn fact, since IN_PROGRESS is clear, we shouldn't call the collector again\nsince it's done all the cleanup, such as calling -\u003eki_complete().\n\nFix this by making netfs_collect_in_app() just return, indicating that\nwe're done if IN_PROGRESS is removed.","modified":"2026-03-20T12:42:50.663744Z","published":"2025-07-25T13:20:15.835Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38411.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/9df7b5ebead649b00bf9a53a798e4bf83a1318fd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d18facba5a5795ad44b2a00a052e3db2fa77ab12"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38411.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38411"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"329ba1cb402ac328224965b8fc7a554a5150908e"},{"fixed":"d18facba5a5795ad44b2a00a052e3db2fa77ab12"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2b1424cd131cfaba4cf7040473133d26cddac088"},{"fixed":"9df7b5ebead649b00bf9a53a798e4bf83a1318fd"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38411.json"}}],"schema_version":"1.7.5"}