2025-06-18 09:33:38
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesnt see that its safe to quietly undo mnt_count increment and leaves dropping the reference to caller, where itll be a full-blown mntput(). Check under mount_lock is needed; leaving the current one done before taking that makes no sense - its nowhere near common enough to bother with.