CVE-2025-38231
- Source
- https://cve.org/CVERecord?id=CVE-2025-38231
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38231.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38231
- Downstream
- Related
- Published
- 2025-07-04T13:37:44.978Z
- Modified
- 2026-03-11T07:45:24.823538965Z
- Summary
- nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
In nfs4statestartnet(), laundromatwork may access nfsdssc through nfs4laundromat -> nfsd4sscexpireumount. If nfsdssc isn't initialized, this can cause NULL pointer dereference.
Normally the delayed start of laundromatwork allows sufficient time for nfsdssc initialization to complete. However, when the kernel waits too long for userspace responses (e.g. in nfs4statestartnet -> nfsd4endgrace -> nfsd4recordgracedone -> nfsd4cldgracedone -> cldpipe_upcall -> _cldpipeupcall -> waitforcompletion path), the delayed work may start before nfsdssc initialization finishes.
Fix this by moving nfsdssc initialization before starting laundromatwork.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38231.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0fccf5f01ed28725cc313a66ca1247eef911d55e
- https://git.kernel.org/stable/c/5060e1a5fef184bd11d298e3f0ee920d96a23236
- https://git.kernel.org/stable/c/83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64
- https://git.kernel.org/stable/c/a97668ec6d73dab237cd1c15efe012a10090a4ed
- https://git.kernel.org/stable/c/b31da62889e6d610114d81dc7a6edbcaa503fcf8
- https://git.kernel.org/stable/c/d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0
- https://git.kernel.org/stable/c/deaeb74ae9318252829c59a84a7d2316fc335660
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38231.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-38231
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda4bc287943f5695209ff36bdc89f17b48d68fae7Fixeddeaeb74ae9318252829c59a84a7d2316fc335660
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf4e44b393389c77958f7c58bf4415032b4cda15bFixed0fccf5f01ed28725cc313a66ca1247eef911d55eFixeda97668ec6d73dab237cd1c15efe012a10090a4edFixed5060e1a5fef184bd11d298e3f0ee920d96a23236Fixedd622c2ee6c08147ab8c9b9e37d93b6e95d3258e0Fixed83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64Fixedb31da62889e6d610114d81dc7a6edbcaa503fcf8