CVE-2025-22026

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22026
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22026.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22026
Downstream
Published
2025-04-16T15:15:55Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: don't ignore the return code of svcprocregister()

Currently, nfsdprocstatinit() ignores the return value of svcproc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later.

Fix nfsdprocstatinit() to return the same type of pointer as svcprocregister(), and fix up nfsdnetinit() to check that and fail the nfsdnet construction if it occurs.

svcprocregister() can fail if the dentry can't be allocated, or if an identical dentry already exists. The second case is pretty unlikely in the nfsd_net construction codepath, so if this happens, return -ENOMEM.

References

Affected packages