In the Linux kernel, the following vulnerability has been resolved:
NFSD: fix hang in nfsd4shutdowncallback
If nfs4client is in courtesy state then there is no point to send the callback. This causes nfsd4shutdowncallback to hang since clcb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped.
This patch modifies nfsd4runcbwork to skip the RPC call if nfs4client is in courtesy state.
[
{
"signature_type": "Function",
"id": "CVE-2025-21795-037deb2c",
"target": {
"function": "nfsd4_run_cb_work",
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@efa8a261c575f816c7e79a87aeb3ef8a0bd6b221",
"digest": {
"function_hash": "14948161914033190019582848183000766643",
"length": 829.0
}
},
{
"signature_type": "Function",
"id": "CVE-2025-21795-04c2bfb0",
"target": {
"function": "nfsd4_run_cb_work",
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cedfbb92cf97a6bff3d25633001d9c44442ee854",
"digest": {
"function_hash": "289772448181542663362025942839067075147",
"length": 848.0
}
},
{
"signature_type": "Line",
"id": "CVE-2025-21795-373d828b",
"target": {
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@036ac2778f7b28885814c6fbc07e156ad1624d03",
"digest": {
"line_hashes": [
"38344961078515156122498759560418014234",
"216693225652317794977423363580932296393",
"17604861094146970682408529191097251803",
"226099488070197785198241616243191634854"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2025-21795-684a0420",
"target": {
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38d345f612503b850c2973e5a879f88e441b34d7",
"digest": {
"line_hashes": [
"38344961078515156122498759560418014234",
"216693225652317794977423363580932296393",
"17604861094146970682408529191097251803",
"226099488070197785198241616243191634854"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2025-21795-74fff561",
"target": {
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@abed68027ea3ab893ac85cc46a00e2e64a324239",
"digest": {
"line_hashes": [
"38344961078515156122498759560418014234",
"216693225652317794977423363580932296393",
"17604861094146970682408529191097251803",
"226099488070197785198241616243191634854"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2025-21795-87a6a6fc",
"target": {
"function": "nfsd4_run_cb_work",
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@036ac2778f7b28885814c6fbc07e156ad1624d03",
"digest": {
"function_hash": "289772448181542663362025942839067075147",
"length": 848.0
}
},
{
"signature_type": "Function",
"id": "CVE-2025-21795-988222dc",
"target": {
"function": "nfsd4_run_cb_work",
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e88d2451cd42e025465d6b51fd716a47b0b3800d",
"digest": {
"function_hash": "289772448181542663362025942839067075147",
"length": 848.0
}
},
{
"signature_type": "Line",
"id": "CVE-2025-21795-9bcb5c90",
"target": {
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e88d2451cd42e025465d6b51fd716a47b0b3800d",
"digest": {
"line_hashes": [
"38344961078515156122498759560418014234",
"216693225652317794977423363580932296393",
"17604861094146970682408529191097251803",
"226099488070197785198241616243191634854"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2025-21795-9f5dca22",
"target": {
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23ad7797c74cd8f7f90617f1e59a8703e2b43908",
"digest": {
"line_hashes": [
"38344961078515156122498759560418014234",
"216693225652317794977423363580932296393",
"17604861094146970682408529191097251803",
"226099488070197785198241616243191634854"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2025-21795-c51dde77",
"target": {
"function": "nfsd4_run_cb_work",
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38d345f612503b850c2973e5a879f88e441b34d7",
"digest": {
"function_hash": "14948161914033190019582848183000766643",
"length": 829.0
}
},
{
"signature_type": "Line",
"id": "CVE-2025-21795-c85b9ef7",
"target": {
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cedfbb92cf97a6bff3d25633001d9c44442ee854",
"digest": {
"line_hashes": [
"38344961078515156122498759560418014234",
"216693225652317794977423363580932296393",
"17604861094146970682408529191097251803",
"226099488070197785198241616243191634854"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2025-21795-cf59a8a3",
"target": {
"function": "nfsd4_run_cb_work",
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23ad7797c74cd8f7f90617f1e59a8703e2b43908",
"digest": {
"function_hash": "14948161914033190019582848183000766643",
"length": 829.0
}
},
{
"signature_type": "Line",
"id": "CVE-2025-21795-d33c319e",
"target": {
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@efa8a261c575f816c7e79a87aeb3ef8a0bd6b221",
"digest": {
"line_hashes": [
"38344961078515156122498759560418014234",
"216693225652317794977423363580932296393",
"17604861094146970682408529191097251803",
"226099488070197785198241616243191634854"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2025-21795-d9d58d5c",
"target": {
"function": "nfsd4_run_cb_work",
"file": "fs/nfsd/nfs4callback.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@abed68027ea3ab893ac85cc46a00e2e64a324239",
"digest": {
"function_hash": "14948161914033190019582848183000766643",
"length": 829.0
}
}
]