CVE-2025-38231
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38231
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38231.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38231
- Downstream
- Related
- Published
- 2025-07-04T14:15:32Z
- Modified
- 2025-08-12T21:01:37Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
In nfs4statestartnet(), laundromatwork may access nfsdssc through nfs4laundromat -> nfsd4sscexpireumount. If nfsdssc isn't initialized, this can cause NULL pointer dereference.
Normally the delayed start of laundromatwork allows sufficient time for nfsdssc initialization to complete. However, when the kernel waits too long for userspace responses (e.g. in nfs4statestartnet -> nfsd4endgrace -> nfsd4recordgracedone -> nfsd4cldgracedone -> cldpipeupcall -> _cldpipeupcall -> waitforcompletion path), the delayed work may start before nfsd_ssc initialization finishes.
Fix this by moving nfsdssc initialization before starting laundromatwork.
- References
-
- https://git.kernel.org/stable/c/0fccf5f01ed28725cc313a66ca1247eef911d55e
- https://git.kernel.org/stable/c/5060e1a5fef184bd11d298e3f0ee920d96a23236
- https://git.kernel.org/stable/c/83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64
- https://git.kernel.org/stable/c/a97668ec6d73dab237cd1c15efe012a10090a4ed
- https://git.kernel.org/stable/c/b31da62889e6d610114d81dc7a6edbcaa503fcf8
- https://git.kernel.org/stable/c/d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0
- https://git.kernel.org/stable/c/deaeb74ae9318252829c59a84a7d2316fc335660