CVE-2025-22026

Currently, nfsdprocstatinit() ignores the return value of svcproc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later.

Fix nfsdprocstatinit() to return the same type of pointer as svcprocregister(), and fix up nfsdnetinit() to check that and fail the nfsdnet construction if it occurs.

svcprocregister() can fail if the dentry can't be allocated, or if an identical dentry already exists. The second case is pretty unlikely in the nfsd_net construction codepath, so if this happens, return -ENOMEM.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2025/22xxx/CVE-2025-22026.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed

6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed

e31957a819e60cf0bc9a49408765e6095fd3d046

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed

9d9456185fd5f1891c74354ee297f19538141ead

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed

930b64ca0c511521f0abdd1d57ce52b2a6e3476b

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.24

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.12

Type: ECOSYSTEM
Events: Introduced

6.14.0

Fixed

6.14.2