CVE-2025-38615

Name	CVE-2025-38615
Description	In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted i_link. When renaming, the file0's inode is marked as a bad inode because the file name cannot be deleted. The underlying bug is that make_bad_inode() is called on a live inode. In some cases it's "icache lookup finds a normal inode, d_splice_alias() is called to attach it to dentry, while another thread decides to call make_bad_inode() on it - that would evict it from icache, but we'd already found it there earlier". In some it's outright "we have an inode attached to dentry - that's how we got it in the first place; let's call make_bad_inode() on it just for shits and giggles".
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	fixed
	bullseye (security)	5.10.237-1	fixed
	bookworm	6.1.148-1	vulnerable
	bookworm (security)	6.1.147-1	vulnerable
	trixie	6.12.43-1	fixed
	trixie (security)	6.12.41-1	vulnerable
	forky	6.16.3-1	fixed
	sid	6.16.5-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
linux	source	bullseye	(not affected)
linux	source	trixie	6.12.43-1
linux	source	(unstable)	6.16.3-1

[bullseye] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/d99208b91933fd2a58ed9ed321af07dacd06ddc3 (6.17-rc1)