CVE-2025-38231

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38231
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38231.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38231
Downstream
Related
Published
2025-07-04T14:15:32Z
Modified
2025-08-12T21:01:37Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

In nfs4statestartnet(), laundromatwork may access nfsdssc through nfs4laundromat -> nfsd4sscexpireumount. If nfsdssc isn't initialized, this can cause NULL pointer dereference.

Normally the delayed start of laundromatwork allows sufficient time for nfsdssc initialization to complete. However, when the kernel waits too long for userspace responses (e.g. in nfs4statestartnet -> nfsd4endgrace -> nfsd4recordgracedone -> nfsd4cldgracedone -> cldpipeupcall -> _cldpipeupcall -> waitforcompletion path), the delayed work may start before nfsd_ssc initialization finishes.

Fix this by moving nfsdssc initialization before starting laundromatwork.

References

Affected packages