CVE-2025-38028
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38028
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38028.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38028
- Downstream
- Published
- 2025-06-18T09:28:33Z
- Modified
- 2025-10-18T01:42:50.736304Z
- Summary
- NFS/localio: Fix a race in nfs_local_open_fh()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
NFS/localio: Fix a race in nfslocalopen_fh()
Once the clp->cluuid.lock has been dropped, another CPU could come in and free the struct nfsdfile that was just added. To prevent that from happening, take the RCU read lock before dropping the spin lock.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced86e00412254a717ffd5d38dc5ec0ee1cce6281b3Fixed185a2f2ddabdcf999823f61de67f86376883920d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced86e00412254a717ffd5d38dc5ec0ee1cce6281b3Fixedfa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9
Affected versions
v6.*
v6.13
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.14.4
v6.14.5
v6.14.6
v6.14.7
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
Database specific
vanir_signatures
[
{
"digest": {
"line_hashes": [
"9468414654428187916862814507081378845",
"239994818029815803589656086249232378582",
"318446008248036148107183200138300657767",
"68901070601768668662550517110039497656",
"51922141360133224446249583738737537897",
"291800596522535083980069716782018580547",
"83850420325126651514593277760517598980",
"87550651220323497306648533727944522362"
],
"threshold": 0.9
},
"target": {
"file": "fs/nfs/localio.c"
},
"id": "CVE-2025-38028-56f15ad3",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9",
"deprecated": false
},
{
"digest": {
"function_hash": "316515204064100388175727637200841595107",
"length": 808.0
},
"target": {
"file": "fs/nfs/localio.c",
"function": "nfs_local_open_fh"
},
"id": "CVE-2025-38028-57021d7f",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"9468414654428187916862814507081378845",
"239994818029815803589656086249232378582",
"318446008248036148107183200138300657767",
"68901070601768668662550517110039497656",
"51922141360133224446249583738737537897",
"291800596522535083980069716782018580547",
"83850420325126651514593277760517598980",
"87550651220323497306648533727944522362"
],
"threshold": 0.9
},
"target": {
"file": "fs/nfs/localio.c"
},
"id": "CVE-2025-38028-7437a4d4",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@185a2f2ddabdcf999823f61de67f86376883920d",
"deprecated": false
},
{
"digest": {
"function_hash": "316515204064100388175727637200841595107",
"length": 808.0
},
"target": {
"file": "fs/nfs/localio.c",
"function": "nfs_local_open_fh"
},
"id": "CVE-2025-38028-f3def851",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@185a2f2ddabdcf999823f61de67f86376883920d",
"deprecated": false
}
]