CVE-2025-38028

Summary

In the Linux kernel, the following vulnerability has been resolved:

NFS/localio: Fix a race in nfs_local_open_fh()

Once the clp->cl_uuid.lock has been dropped, another CPU could come in and free the struct nfsd_file that was just added. To prevent that from happening, take the RCU read lock before dropping the spin lock.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux86e00412254a717ffd5d38dc5ec0ee1cce6281b3 < 185a2f2ddabdcf999823f61de67f86376883920daffected
LinuxLinux86e00412254a717ffd5d38dc5ec0ee1cce6281b3 < fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9affected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.14.8 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

References