CVE-2025-22026
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-22026
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22026.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-22026
- Downstream
- Published
- 2025-04-16T15:15:55Z
- Modified
- 2025-08-09T20:01:27Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfsd: don't ignore the return code of svcprocregister()
Currently, nfsdprocstatinit() ignores the return value of svcproc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later.
Fix nfsdprocstatinit() to return the same type of pointer as svcprocregister(), and fix up nfsdnetinit() to check that and fail the nfsdnet construction if it occurs.
svcprocregister() can fail if the dentry can't be allocated, or if an identical dentry already exists. The second case is pretty unlikely in the nfsd_net construction codepath, so if this happens, return -ENOMEM.
- References