CVE-2025-38231

Source
https://cve.org/CVERecord?id=CVE-2025-38231
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38231.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38231
Downstream
Related
Published
2025-07-04T13:37:44.978Z
Modified
2026-07-09T18:30:59.689081836Z
Summary
nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

In nfs4statestartnet(), laundromatwork may access nfsdssc through nfs4laundromat -> nfsd4sscexpireumount. If nfsdssc isn't initialized, this can cause NULL pointer dereference.

Normally the delayed start of laundromatwork allows sufficient time for nfsdssc initialization to complete. However, when the kernel waits too long for userspace responses (e.g. in nfs4statestartnet -> nfsd4endgrace -> nfsd4recordgracedone -> nfsd4cldgracedone -> cldpipe_upcall -> _cldpipeupcall -> waitforcompletion path), the delayed work may start before nfsdssc initialization finishes.

Fix this by moving nfsdssc initialization before starting laundromatwork.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38231.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a4bc287943f5695209ff36bdc89f17b48d68fae7
Fixed
deaeb74ae9318252829c59a84a7d2316fc335660
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f4e44b393389c77958f7c58bf4415032b4cda15b
Fixed
0fccf5f01ed28725cc313a66ca1247eef911d55e
Fixed
a97668ec6d73dab237cd1c15efe012a10090a4ed
Fixed
5060e1a5fef184bd11d298e3f0ee920d96a23236
Fixed
d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0
Fixed
83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64
Fixed
b31da62889e6d610114d81dc7a6edbcaa503fcf8

Affected versions

v5.*
v5.10.220
v5.10.221
v5.10.222
v5.10.223
v5.10.224
v5.10.225
v5.10.226
v5.10.227
v5.10.228
v5.10.229
v5.10.230
v5.10.231
v5.10.232
v5.10.233
v5.10.234
v5.10.235
v5.10.236
v5.10.237
v5.10.238

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38231.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.239
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.186
Type
ECOSYSTEM
Events
Introduced
5.14.0
Fixed
6.1.142
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.6.95
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.12.35
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.15.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38231.json"