Vulnerability DatabaseCVE-2025-38276

CVE-2025-38276:
Linux Ubuntu vulnerability analysis and mitigation

Overview

In the Linux kernel, a vulnerability was discovered in the fs/dax component related to the handling of locked entries when scanning entries. The issue was identified and assigned CVE-2025-38276, with the initial disclosure on July 10, 2025. The vulnerability affects the Linux kernel's implementation of Direct Access (DAX) filesystem functionality (NVD).

Technical details

The vulnerability stems from a function called wait_entry_unlocked_exclusive(), which was introduced by commit 6be3e21d25ca. This function waits for the current entry to become unlocked without advancing the XArray iterator state. The issue arises because waiting for the entry to become unlocked requires dropping the XArray lock and calling xas_pause(), which inadvertently advances the xas state to the next index. While xas_for_each() typically handles this state change, both the callers and wait_entry_unlocked_exclusive() itself use the xas state to reload the entry, causing the current entry being waited on to be skipped (NVD).

Impact

The vulnerability can trigger intermittent warnings when running xftest generic/068 on an XFS filesystem with FS DAX enabled. This can lead to system instability and potential data integrity issues in DAX-enabled filesystems (NVD).

Additional resources

Source: This report was generated using AI

Related Linux Ubuntu vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-21441	HIGH	8.9	Python	fence-agents-ibm-powervs	No	Yes	Jan 07, 2026
CVE-2025-13151	HIGH	7.5	Linux Debian	libtasn1-6	No	Yes	Jan 07, 2026
CVE-2025-68766	HIGH	7.1	Linux Debian	linux	No	Yes	Jan 05, 2026
CVE-2025-68765	MEDIUM	5.5	Linux Debian	linux-azure-fde	No	Yes	Jan 05, 2026
CVE-2025-68764	MEDIUM	5.5	Linux Kernel	kernel-rt-64k-core	No	Yes	Jan 05, 2026