fkie_cve-2025-38231
Vulnerability from fkie_nvd
Published
2025-07-04 14:15
Modified
2025-07-08 16:18
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromat_work to prevent NULL dereference In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through nfs4_laundromat -> nfsd4_ssc_expire_umount. If nfsd_ssc isn't initialized, this can cause NULL pointer dereference. Normally the delayed start of laundromat_work allows sufficient time for nfsd_ssc initialization to complete. However, when the kernel waits too long for userspace responses (e.g. in nfs4_state_start_net -> nfsd4_end_grace -> nfsd4_record_grace_done -> nfsd4_cld_grace_done -> cld_pipe_upcall -> __cld_pipe_upcall -> wait_for_completion path), the delayed work may start before nfsd_ssc initialization finishes. Fix this by moving nfsd_ssc initialization before starting laundromat_work.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0fccf5f01ed28725cc313a66ca1247eef911d55e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5060e1a5fef184bd11d298e3f0ee920d96a23236
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a97668ec6d73dab237cd1c15efe012a10090a4ed
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b31da62889e6d610114d81dc7a6edbcaa503fcf8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/deaeb74ae9318252829c59a84a7d2316fc335660
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: Inicializar ssc antes de laundromat_work para evitar la desreferencia de punteros NULL. En nfs4_state_start_net(), laundromat_work puede acceder a nfsd_ssc a trav\u00e9s de nfs4_laundromat -\u0026gt; nfsd4_ssc_expire_umount. Si nfsd_ssc no se inicializa, esto puede causar la desreferencia de punteros NULL. Normalmente, el inicio retrasado de laundromat_work permite que la inicializaci\u00f3n de nfsd_ssc se complete con tiempo suficiente. Sin embargo, cuando el n\u00facleo espera demasiado tiempo las respuestas del espacio de usuario (p. ej., en la ruta nfs4_state_start_net -\u0026gt; nfsd4_end_grace -\u0026gt; nfsd4_record_grace_done -\u0026gt; nfsd4_cld_grace_done -\u0026gt; cld_pipe_upcall -\u0026gt; __cld_pipe_upcall -\u0026gt; wait_for_completion), el trabajo retrasado puede comenzar antes de que finalice la inicializaci\u00f3n de nfsd_ssc. Para solucionar esto, mueva la inicializaci\u00f3n de nfsd_ssc antes de iniciar laundromat_work."
    }
  ],
  "id": "CVE-2025-38231",
  "lastModified": "2025-07-08T16:18:53.607",
  "metrics": {},
  "published": "2025-07-04T14:15:32.683",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0fccf5f01ed28725cc313a66ca1247eef911d55e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5060e1a5fef184bd11d298e3f0ee920d96a23236"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a97668ec6d73dab237cd1c15efe012a10090a4ed"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b31da62889e6d610114d81dc7a6edbcaa503fcf8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/deaeb74ae9318252829c59a84a7d2316fc335660"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.