CVE-2025-22029

medium

Description

In the Linux kernel, the following vulnerability has been resolved: exec: fix the racy usage of fs_struct->in_exec check_unsafe_exec() sets fs->in_exec under cred_guard_mutex, then execve() paths clear fs->in_exec lockless. This is fine if exec succeeds, but if it fails we have the following race: T1 sets fs->in_exec = 1, fails, drops cred_guard_mutex T2 sets fs->in_exec = 1 T1 clears fs->in_exec T2 continues with fs->in_exec == 0 Change fs/exec.c to clear fs->in_exec with cred_guard_mutex held.

References

https://git.kernel.org/stable/c/e2d8e7bd3314485e0b3b08380c659b3d1d67ed6a

https://git.kernel.org/stable/c/b519f2e5800fe2391b7545ba6889df795828e885

https://git.kernel.org/stable/c/af7bb0d2ca459f15cb5ca604dab5d9af103643f0

https://git.kernel.org/stable/c/a6b5070721503fb6021ebed51c925ffc66b1c5ab

https://git.kernel.org/stable/c/753a620a7f8e134b444f89fe90873234e894e21a

Details

Source: Mitre, NVD

Published: 2025-04-16

Updated: 2025-04-17

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018