fkie_nvd - fkie_cve-2025-38028

fkie_cve-2025-38028

Vulnerability from fkie_nvd

Published

2025-06-18 10:15

Modified

2025-06-18 13:46

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fix a race in nfs_local_open_fh() Once the clp->cl_uuid.lock has been dropped, another CPU could come in and free the struct nfsd_file that was just added. To prevent that from happening, take the RCU read lock before dropping the spin lock.

References

▶	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/185a2f2ddabdcf999823f61de67f86376883920d
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9

Impacted products

	Vendor	Product	Version

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS/localio: Fix a race in nfs_local_open_fh()\n\nOnce the clp-\u003ecl_uuid.lock has been dropped, another CPU could come in\nand free the struct nfsd_file that was just added. To prevent that from\nhappening, take the RCU read lock before dropping the spin lock."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFS/localio: Se corrige una ejecuci\u00f3n en nfs_local_open_fh(). Una vez eliminado el bloqueo clp-\u0026gt;cl_uuid.lock, otra CPU podr\u00eda entrar y liberar la estructura nfsd_file reci\u00e9n agregada. Para evitarlo, tome el bloqueo de lectura de la RCU antes de eliminar el bloqueo de giro."
    }
  ],
  "id": "CVE-2025-38028",
  "lastModified": "2025-06-18T13:46:52.973",
  "metrics": {},
  "published": "2025-06-18T10:15:34.850",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/185a2f2ddabdcf999823f61de67f86376883920d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CVE-2025-38028 (GCVE-0-2025-38028)

Vulnerability from cvelistv5

Published

2025-06-18 09:28

Modified

2025-06-18 09:28

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fix a race in nfs_local_open_fh() Once the clp->cl_uuid.lock has been dropped, another CPU could come in and free the struct nfsd_file that was just added. To prevent that from happening, take the RCU read lock before dropping the spin lock.

References

►

URL

Tags

	https://git.kernel.org/stable/c/185a2f2ddabdcf999823f61de67f86376883920d
	https://git.kernel.org/stable/c/fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9

Impacted products

Vendor

Product

Version

►

Version: 86e00412254a717ffd5d38dc5ec0ee1cce6281b3
Version: 86e00412254a717ffd5d38dc5ec0ee1cce6281b3

Version: 6.14

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/localio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "185a2f2ddabdcf999823f61de67f86376883920d",
              "status": "affected",
              "version": "86e00412254a717ffd5d38dc5ec0ee1cce6281b3",
              "versionType": "git"
            },
            {
              "lessThan": "fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9",
              "status": "affected",
              "version": "86e00412254a717ffd5d38dc5ec0ee1cce6281b3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/localio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.14"
            },
            {
              "lessThan": "6.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.8",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS/localio: Fix a race in nfs_local_open_fh()\n\nOnce the clp-\u003ecl_uuid.lock has been dropped, another CPU could come in\nand free the struct nfsd_file that was just added. To prevent that from\nhappening, take the RCU read lock before dropping the spin lock."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T09:28:33.184Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/185a2f2ddabdcf999823f61de67f86376883920d"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9"
        }
      ],
      "title": "NFS/localio: Fix a race in nfs_local_open_fh()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38028",
    "datePublished": "2025-06-18T09:28:33.184Z",
    "dateReserved": "2025-04-16T04:51:23.978Z",
    "dateUpdated": "2025-06-18T09:28:33.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.