[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-38349":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":116,"related":117,"reserved_at":9,"published_at":135,"modified_at":136,"state":137,"summary":138,"references_raw":147,"kevs":171,"epss":172,"epss_history":175,"metrics":443,"affected":449},"CVE-2025-38349","In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don't decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n    mutex_unlock(&ep->mtx);\n\nafterwards. That's very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it's wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we're\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it's not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren't the\nlast one, we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the 'ep' as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn't need mutex protection (that's\nthe whole _point_ of refcounts: unlike mutexes, they are inherently\nabout object lifetimes).",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114],{"_key":25},"SUSE-SU-2025:02853-1",{"_key":27},"SUSE-SU-2025:02923-1",{"_key":29},"SUSE-SU-2025:02969-1",{"_key":31},"SUSE-SU-2025:03023-1",{"_key":33},"DSA-5975-1",{"_key":35},"SUSE-SU-2025:02997-1",{"_key":37},"SUSE-SU-2025:03011-1",{"_key":39},"SUSE-SU-2025:20577-1",{"_key":41},"SUSE-SU-2025:20586-1",{"_key":43},"SUSE-SU-2025:20601-1",{"_key":45},"SUSE-SU-2025:20602-1",{"_key":47},"SUSE-SU-2025:21074-1",{"_key":49},"SUSE-SU-2025:21139-1",{"_key":51},"SUSE-SU-2025:21179-1",{"_key":53},"SUSE-SU-2025:02996-1",{"_key":55},"OPENSUSE-SU-2025:20081-1",{"_key":57},"RHSA-2026:2759",{"_key":59},"MGASA-2025-0218",{"_key":61},"MGASA-2025-0219",{"_key":63},"RHSA-2026:4111",{"_key":65},"USN-7934-1",{"_key":67},"USN-8028-1",{"_key":69},"USN-8028-2",{"_key":71},"USN-8028-3",{"_key":73},"USN-8028-4",{"_key":75},"USN-8028-5",{"_key":77},"USN-8028-6",{"_key":79},"USN-8028-7",{"_key":81},"USN-8028-8",{"_key":83},"USN-8031-1",{"_key":85},"USN-8031-2",{"_key":87},"USN-8031-3",{"_key":89},"USN-8052-1",{"_key":91},"USN-8052-2",{"_key":93},"USN-8074-1",{"_key":95},"USN-8074-2",{"_key":97},"USN-8126-1",{"_key":99},"RHSA-2026:1143",{"_key":101},"RHSA-2026:1690",{"_key":103},"DEBIAN-CVE-2025-38349",{"_key":105},"UBUNTU-CVE-2025-38349",{"_key":107},"USN-7879-1",{"_key":109},"USN-7879-2",{"_key":111},"USN-7879-3",{"_key":113},"USN-7879-4",{"_key":115},"USN-7880-1",[],[118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":59},{"_key":61},"2025-07-18T07:53:16.434Z","2026-06-01T16:05:22.258Z","Analyzed",{"cisa_kev":139,"cisa_ransomware":139,"cisa_vendor":9,"epss_severity":140,"epss_score":141,"severity":142,"severity_score":143,"severity_version":144,"severity_source":145,"severity_vector":146,"severity_status":137},false,"low",0.00063,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[148,154,158,162,166],{"url":149,"sources":150,"tags":152},"https://git.kernel.org/stable/c/521e9ff0b67c66a17d6f9593dfccafaa984aae4c",[151,145],"cve.org",[153],"Patch",{"url":155,"sources":156,"tags":157},"https://git.kernel.org/stable/c/6dee745bd0aec9d399df674256e7b1ecdb615444",[151,145],[153],{"url":159,"sources":160,"tags":161},"https://git.kernel.org/stable/c/605c18698ecfa99165f36b7f59d3ed503e169814",[151,145],[153],{"url":163,"sources":164,"tags":165},"https://git.kernel.org/stable/c/8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2",[151,145],[153],{"url":167,"sources":168,"tags":169},"https://project-zero.issues.chromium.org/issues/430541637",[151,145],[170,153],"Issue Tracking",[],{"date":173,"score":141,"percentile":174},"2026-06-03",0.19783,[176,180,183,186,189,192,195,198,201,204,207,210,213,215,219,223,227,230,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,295,298,302,305,308,311,314,317,320,323,326,329,331,333,337,340,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,390,392,394,397,400,403,405,408,411,414,416,419,422,425,428,431,434,437,440],{"date":177,"score":178,"percentile":179},"2025-11-04",0.00039,0.11242,{"date":181,"score":178,"percentile":182},"2025-11-05",0.1127,{"date":184,"score":178,"percentile":185},"2025-11-06",0.11389,{"date":187,"score":178,"percentile":188},"2025-11-07",0.11409,{"date":190,"score":178,"percentile":191},"2025-11-08",0.11421,{"date":193,"score":178,"percentile":194},"2025-11-09",0.1139,{"date":196,"score":178,"percentile":197},"2025-11-10",0.11338,{"date":199,"score":178,"percentile":200},"2025-11-11",0.1135,{"date":202,"score":178,"percentile":203},"2025-11-12",0.11377,{"date":205,"score":178,"percentile":206},"2025-11-13",0.11402,{"date":208,"score":178,"percentile":209},"2025-11-14",0.11417,{"date":211,"score":178,"percentile":212},"2025-11-15",0.11418,{"date":214,"score":178,"percentile":212},"2025-11-16",{"date":216,"score":217,"percentile":218},"2025-11-17",0.0005,0.15472,{"date":220,"score":221,"percentile":222},"2025-11-18",0.00035,0.05698,{"date":224,"score":225,"percentile":226},"2025-11-19",0.00021,0.02732,{"date":228,"score":225,"percentile":229},"2025-11-20",0.02777,{"date":231,"score":225,"percentile":232},"2025-11-21",0.04508,{"date":234,"score":225,"percentile":235},"2025-11-22",0.0452,{"date":237,"score":225,"percentile":238},"2025-11-23",0.04519,{"date":240,"score":225,"percentile":241},"2025-11-24",0.04493,{"date":243,"score":225,"percentile":244},"2025-11-25",0.04502,{"date":246,"score":225,"percentile":247},"2025-11-26",0.04551,{"date":249,"score":225,"percentile":250},"2025-11-27",0.04564,{"date":252,"score":225,"percentile":253},"2025-11-28",0.04553,{"date":255,"score":225,"percentile":256},"2025-11-29",0.04609,{"date":258,"score":225,"percentile":259},"2025-11-30",0.04612,{"date":261,"score":225,"percentile":262},"2025-12-01",0.04717,{"date":264,"score":225,"percentile":265},"2025-12-02",0.04731,{"date":267,"score":225,"percentile":268},"2025-12-03",0.04756,{"date":270,"score":225,"percentile":271},"2025-12-04",0.04694,{"date":273,"score":225,"percentile":274},"2025-12-05",0.04769,{"date":276,"score":225,"percentile":277},"2025-12-06",0.04785,{"date":279,"score":225,"percentile":280},"2025-12-07",0.04787,{"date":282,"score":225,"percentile":283},"2025-12-08",0.0479,{"date":285,"score":225,"percentile":286},"2025-12-09",0.04835,{"date":288,"score":225,"percentile":289},"2025-12-10",0.04888,{"date":291,"score":225,"percentile":292},"2025-12-11",0.04872,{"date":294,"score":225,"percentile":289},"2025-12-12",{"date":296,"score":225,"percentile":297},"2025-12-13",0.04927,{"date":299,"score":300,"percentile":301},"2025-12-14",0.00011,0.01015,{"date":303,"score":300,"percentile":304},"2025-12-15",0.00933,{"date":306,"score":300,"percentile":307},"2025-12-16",0.00938,{"date":309,"score":300,"percentile":310},"2025-12-17",0.00942,{"date":312,"score":300,"percentile":313},"2025-12-18",0.01013,{"date":315,"score":300,"percentile":316},"2025-12-19",0.01016,{"date":318,"score":300,"percentile":319},"2025-12-20",0.00937,{"date":321,"score":300,"percentile":322},"2025-12-21",0.0094,{"date":324,"score":300,"percentile":325},"2025-12-22",0.00952,{"date":327,"score":300,"percentile":328},"2025-12-23",0.00948,{"date":330,"score":300,"percentile":328},"2025-12-24",{"date":332,"score":300,"percentile":325},"2025-12-25",{"date":334,"score":335,"percentile":336},"2025-12-26",0.00015,0.02278,{"date":338,"score":335,"percentile":339},"2025-12-27",0.02262,{"date":341,"score":335,"percentile":336},"2025-12-28",{"date":343,"score":335,"percentile":344},"2025-12-29",0.02267,{"date":346,"score":335,"percentile":347},"2025-12-30",0.0226,{"date":349,"score":335,"percentile":350},"2025-12-31",0.02249,{"date":352,"score":335,"percentile":353},"2026-01-01",0.02306,{"date":355,"score":335,"percentile":356},"2026-01-02",0.02307,{"date":358,"score":335,"percentile":359},"2026-01-03",0.0231,{"date":361,"score":335,"percentile":362},"2026-01-04",0.02242,{"date":364,"score":335,"percentile":365},"2026-01-05",0.02246,{"date":367,"score":335,"percentile":368},"2026-01-06",0.02233,{"date":370,"score":335,"percentile":371},"2026-01-07",0.02247,{"date":373,"score":335,"percentile":374},"2026-01-08",0.02269,{"date":376,"score":335,"percentile":377},"2026-01-09",0.02283,{"date":379,"score":335,"percentile":380},"2026-01-10",0.02291,{"date":382,"score":335,"percentile":383},"2026-01-11",0.02276,{"date":385,"score":335,"percentile":386},"2026-01-12",0.02256,{"date":388,"score":335,"percentile":389},"2026-01-13",0.02244,{"date":391,"score":335,"percentile":371},"2026-01-14",{"date":393,"score":335,"percentile":362},"2026-01-15",{"date":395,"score":335,"percentile":396},"2026-01-16",0.02241,{"date":398,"score":335,"percentile":399},"2026-01-17",0.02245,{"date":401,"score":335,"percentile":402},"2026-01-18",0.02254,{"date":404,"score":335,"percentile":362},"2026-01-19",{"date":406,"score":335,"percentile":407},"2026-01-20",0.02229,{"date":409,"score":335,"percentile":410},"2026-01-21",0.02222,{"date":412,"score":335,"percentile":413},"2026-01-22",0.02223,{"date":415,"score":335,"percentile":368},"2026-01-23",{"date":417,"score":335,"percentile":418},"2026-01-24",0.02251,{"date":420,"score":335,"percentile":421},"2026-01-25",0.02243,{"date":423,"score":335,"percentile":424},"2026-01-26",0.02239,{"date":426,"score":335,"percentile":427},"2026-01-27",0.02526,{"date":429,"score":335,"percentile":430},"2026-01-28",0.02529,{"date":432,"score":335,"percentile":433},"2026-01-29",0.02264,{"date":435,"score":335,"percentile":436},"2026-01-30",0.02272,{"date":438,"score":335,"percentile":439},"2026-01-31",0.02293,{"date":441,"score":335,"percentile":442},"2026-02-01",0.02351,[444],{"source":145,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":445,"cvss_v4_0":9},{"baseScore":143,"baseSeverity":446,"vectorString":146,"impactScore":447,"exploitabilityScore":448},"HIGH",9.8,4.6,[450,485],{"ecosystem":9,"name":451,"vendor":452,"product":452,"cpe_part":453,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":454},"Linux","linux","a",[455,462,465,468,471,473,475,479,483],{"version":456,"is_range":457,"range_type":151,"version_start":458,"version_start_type":459,"version_end":460,"version_end_type":461,"fixed_in":9},">= 58c9b016e12855286370dfb704c08498edbc857a, \u003C 521e9ff0b67c66a17d6f9593dfccafaa984aae4c",true,"58c9b016e12855286370dfb704c08498edbc857a","including","521e9ff0b67c66a17d6f9593dfccafaa984aae4c","excluding",{"version":463,"is_range":457,"range_type":151,"version_start":458,"version_start_type":459,"version_end":464,"version_end_type":461,"fixed_in":9},">= 58c9b016e12855286370dfb704c08498edbc857a, \u003C 6dee745bd0aec9d399df674256e7b1ecdb615444","6dee745bd0aec9d399df674256e7b1ecdb615444",{"version":466,"is_range":457,"range_type":151,"version_start":458,"version_start_type":459,"version_end":467,"version_end_type":461,"fixed_in":9},">= 58c9b016e12855286370dfb704c08498edbc857a, \u003C 605c18698ecfa99165f36b7f59d3ed503e169814","605c18698ecfa99165f36b7f59d3ed503e169814",{"version":469,"is_range":457,"range_type":151,"version_start":458,"version_start_type":459,"version_end":470,"version_end_type":461,"fixed_in":9},">= 58c9b016e12855286370dfb704c08498edbc857a, \u003C 8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2","8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2",{"version":472,"is_range":139,"range_type":151,"version_start":472,"version_start_type":459,"version_end":472,"version_end_type":459,"fixed_in":9},"f2451def095c1743adcfcb0cb5dadc86034e162a",{"version":474,"is_range":139,"range_type":151,"version_start":474,"version_start_type":459,"version_end":474,"version_end_type":459,"fixed_in":9},"a1f93804449d13f97dabd4b996817de4bf1ed67a",{"version":476,"is_range":457,"range_type":151,"version_start":477,"version_start_type":459,"version_end":478,"version_end_type":461,"fixed_in":9},">= 5.15.209, \u003C 5.16","5.15.209","5.16",{"version":480,"is_range":457,"range_type":151,"version_start":481,"version_start_type":459,"version_end":482,"version_end_type":461,"fixed_in":9},">= 6.1.175, \u003C 6.2","6.1.175","6.2",{"version":484,"is_range":139,"range_type":151,"version_start":484,"version_start_type":459,"version_end":484,"version_end_type":459,"fixed_in":9},"6.4",{"ecosystem":9,"name":486,"vendor":452,"product":487,"cpe_part":488,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":489},"linux kernel","linux_kernel","o",[490,494,498,502,504,506,508,510],{"version":491,"is_range":457,"range_type":492,"version_start":484,"version_start_type":459,"version_end":493,"version_end_type":461,"fixed_in":9},"gte6.4_lt6.6.99","cpe","6.6.99",{"version":495,"is_range":457,"range_type":492,"version_start":496,"version_start_type":459,"version_end":497,"version_end_type":461,"fixed_in":9},"gte6.7_lt6.12.39","6.7","6.12.39",{"version":499,"is_range":457,"range_type":492,"version_start":500,"version_start_type":459,"version_end":501,"version_end_type":461,"fixed_in":9},"gte6.13_lt6.15.7","6.13","6.15.7",{"version":503,"is_range":139,"range_type":492,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.16:rc1",{"version":505,"is_range":139,"range_type":492,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.16:rc2",{"version":507,"is_range":139,"range_type":492,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.16:rc3",{"version":509,"is_range":139,"range_type":492,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.16:rc4",{"version":511,"is_range":139,"range_type":492,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.16:rc5"]