CVE-2025-38028

MEDIUM EPSS 1.1%
Published Jun 18, 20251y ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Medium
Find Similar
Published Jun 18, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fix a race in nfs_local_open_fh() Once the clp->cl_uuid.lock has been dropped, another CPU could come in and free the struct nfsd_file that was just added. To prevent that from happening, take the RCU read lock before dropping the spin lock.

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥6.14  –  <6.14.8
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/185a2f2ddabdcf999823f61de67f86376883920d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/185a2f2ddabdcf999823f61de67f86376883920d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9
    Patch