{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38534", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.023Z", "datePublished": "2025-08-16T11:12:27.014Z", "dateUpdated": "2025-08-16T11:12:27.014Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-08-16T11:12:27.014Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix copy-to-cache so that it performs collection with ceph+fscache\n\nThe netfs copy-to-cache that is used by Ceph with local caching sets up a\nnew request to write data just read to the cache. The request is started\nand then left to look after itself whilst the app continues. The request\ngets notified by the backing fs upon completion of the async DIO write, but\nthen tries to wake up the app because NETFS_RREQ_OFFLOAD_COLLECTION isn't\nset - but the app isn't waiting there, and so the request just hangs.\n\nFix this by setting NETFS_RREQ_OFFLOAD_COLLECTION which causes the\nnotification from the backing filesystem to put the collection onto a work\nqueue instead."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/netfs/read_pgpriv2.c"], "versions": [{"version": "e2d46f2ec332533816417b60933954173f602121", "lessThan": "1ebe58cef84eab22b41b4d5e72c2051ebf00af50", "status": "affected", "versionType": "git"}, {"version": "e2d46f2ec332533816417b60933954173f602121", "lessThan": "4c238e30774e3022a505fa54311273add7570f13", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/netfs/read_pgpriv2.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.8", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.15.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1ebe58cef84eab22b41b4d5e72c2051ebf00af50"}, {"url": "https://git.kernel.org/stable/c/4c238e30774e3022a505fa54311273add7570f13"}], "title": "netfs: Fix copy-to-cache so that it performs collection with ceph+fscache", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix copy-to-cache so that it performs collection with ceph+fscache\n\nThe netfs copy-to-cache that is used by Ceph with local caching sets up a\nnew request to write data just read to the cache. The request is started\nand then left to look after itself whilst the app continues. The request\ngets notified by the backing fs upon completion of the async DIO write, but\nthen tries to wake up the app because NETFS_RREQ_OFFLOAD_COLLECTION isn't\nset - but the app isn't waiting there, and so the request just hangs.\n\nFix this by setting NETFS_RREQ_OFFLOAD_COLLECTION which causes the\nnotification from the backing filesystem to put the collection onto a work\nqueue instead."}], "id": "CVE-2025-38534", "lastModified": "2025-08-16T12:15:29.087", "metrics": {}, "published": "2025-08-16T12:15:29.087", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1ebe58cef84eab22b41b4d5e72c2051ebf00af50"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4c238e30774e3022a505fa54311273add7570f13"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}