2389461 – (CVE-2025-38567) CVE-2025-38567 kernel: nfsd: avoid ref leak in nfsd_open_local_fh()

Bug 2389461 (CVE-2025-38567) - CVE-2025-38567 kernel: nfsd: avoid ref leak in nfsd_open_local_fh()

Summary: CVE-2025-38567 kernel: nfsd: avoid ref leak in nfsd_open_local_fh()

Keywords:
Status:	NEW
Alias:	CVE-2025-38567
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-19 18:01 UTC by OSIDB Bzimport
Modified:	2025-08-20 17:36 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-19 18:01:53 UTC

In the Linux kernel, the following vulnerability has been resolved:

nfsd: avoid ref leak in nfsd_open_local_fh()

If two calls to nfsd_open_local_fh() race and both successfully call
nfsd_file_acquire_local(), they will both get an extra reference to the
net to accompany the file reference stored in *pnf.

One of them will fail to store (using xchg()) the file reference in
*pnf and will drop that reference but WON'T drop the accompanying
reference to the net.  This leak means that when the nfs server is shut
down it will hang in nfsd_shutdown_net() waiting for
&nn->nfsd_net_free_done.

This patch adds the missing nfsd_net_put().

Comment 1 Keith Grant 2025-08-20 17:35:05 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025081909-CVE-2025-38567-3597@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.