CVE-2025-38231
Published: Jul 4, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through nfs4_laundromat -> nfsd4_ssc_expire_umount. If nfsd_ssc isn't initialized, this can cause NULL pointer dereference.

Normally the delayed start of laundromat_work allows sufficient time for nfsd_ssc initialization to complete. However, when the kernel waits too long for userspace responses (e.g. in nfs4_state_start_net -> nfsd4_end_grace -> nfsd4_record_grace_done -> nfsd4_cld_grace_done -> cld_pipe_upcall -> __cld_pipe_upcall -> wait_for_completion path), the delayed work may start before nfsd_ssc initialization finishes.

Fix this by moving nfsd_ssc initialization before starting laundromat_work.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected a4bc287943f5695209ff36bdc89f17b48d68fae7 - < deaeb74ae9318252829c59a84a7d2316fc335660<br>affected f4e44b393389c77958f7c58bf4415032b4cda15b - < 0fccf5f01ed28725cc313a66ca1247eef911d55e<br>affected f4e44b393389c77958f7c58bf4415032b4cda15b - < a97668ec6d73dab237cd1c15efe012a10090a4ed<br>affected f4e44b393389c77958f7c58bf4415032b4cda15b - < 5060e1a5fef184bd11d298e3f0ee920d96a23236<br>affected f4e44b393389c77958f7c58bf4415032b4cda15b - < d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0<br>+3 more versions |
| Linux | Linux | affected 5.14<br>unaffected 0 - < 5.14<br>unaffected 5.10.239 - <= 5.10.*<br>unaffected 5.15.186 - <= 5.15.*<br>unaffected 6.1.142 - <= 6.1.*<br>+4 more versions |
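
The ordering problem in the description, as a deterministic userspace model. This is an added example, not kernel code and not taken from the fix commit. Every name (`net_model`, `start_net`, `arm_laundromat`, `init_ssc`) is a hypothetical stand-in, and the delay and wait values are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; all names are hypothetical stand-ins. */
struct ssc_state { int mounts; };
struct net_model {
    struct ssc_state *ssc;   /* stands in for the nfsd_ssc state */
    long now, work_due;      /* virtual clock and laundromat due time */
    int work_armed, null_seen;
};

static struct ssc_state g_ssc;

/* Stand-in for laundromat -> ssc expiry: it reads n->ssc. */
static void laundromat(struct net_model *n) {
    if (n->ssc == NULL) { n->null_seen = 1; return; } /* kernel would oops here */
    n->ssc->mounts = 0;
}

/* Advance virtual time and fire the delayed work once it is due. */
static void advance(struct net_model *n, long dt) {
    n->now += dt;
    if (n->work_armed && n->now >= n->work_due) {
        n->work_armed = 0;
        laundromat(n);
    }
}

static void init_ssc(struct net_model *n) { n->ssc = &g_ssc; }
static void arm_laundromat(struct net_model *n, long delay) {
    n->work_due = n->now + delay; n->work_armed = 1;
}

/* Returns 1 if the work ran against uninitialized ssc state.
 * fixed = 0: arm work, wait on userspace, then init (pre-fix order).
 * fixed = 1: init first, then arm work and wait (post-fix order). */
int start_net(int fixed, long delay, long upcall_wait) {
    struct net_model n = {0};
    if (fixed) init_ssc(&n);
    arm_laundromat(&n, delay);
    advance(&n, upcall_wait);      /* blocking upcall to userspace */
    if (!fixed) init_ssc(&n);
    advance(&n, delay);            /* let any still-pending work run */
    return n.null_seen;
}

int main(void) {
    printf("pre-fix, fast upcall:  %d\n", start_net(0, 90, 1));
    printf("pre-fix, slow upcall:  %d\n", start_net(0, 90, 120));
    printf("post-fix, slow upcall: %d\n", start_net(1, 90, 120));
    return 0;
}
```

In the pre-fix order the outcome depends on how long the userspace wait lasts relative to the work delay; in the post-fix order it does not.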