CVE-2025-38231

Severity: Medium · CVSS 3.1 base score 5.5 · EPSS 4.5%
Published Jul 4, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through nfs4_laundromat -> nfsd4_ssc_expire_umount. If nfsd_ssc isn't initialized, this can cause NULL pointer dereference.

Normally the delayed start of laundromat_work allows sufficient time for nfsd_ssc initialization to complete. However, when the kernel waits too long for userspace responses (e.g. in nfs4_state_start_net -> nfsd4_end_grace -> nfsd4_record_grace_done -> nfsd4_cld_grace_done -> cld_pipe_upcall -> __cld_pipe_upcall -> wait_for_completion path), the delayed work may start before nfsd_ssc initialization finishes.

Fix this by moving nfsd_ssc initialization before starting laundromat_work.
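The ordering problem described above, as an added user-space model (not kernel code and not taken from the patch): a simulated clock stands in for the delayed work timer and the blocking userspace upcall. All `model_*` names, the `net_model` struct and the tick values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the start-up sequence; every name here is hypothetical. */
struct net_model {
    int *ssc;          /* stands in for nfsd_ssc state, NULL until initialized */
    int ssc_storage;
    long now;          /* simulated clock, in ticks */
    long work_due;     /* tick at which the delayed work fires, -1 = none */
    bool null_seen;    /* set when the work ran before ssc was initialized */
};

/* Models the laundromat path that touches the ssc state. */
static void model_laundromat(struct net_model *n)
{
    if (n->ssc == NULL) {      /* the kernel would dereference NULL here */
        n->null_seen = true;
        return;
    }
    *n->ssc = 0;
}

/* Advance the clock; the delayed work runs if it becomes due meanwhile. */
static void model_wait(struct net_model *n, long ticks)
{
    n->now += ticks;
    if (n->work_due >= 0 && n->now >= n->work_due) {
        n->work_due = -1;
        model_laundromat(n);
    }
}

/* Returns true if the delayed work observed an uninitialized ssc. */
bool model_start(bool fixed_order, long work_delay, long upcall_wait)
{
    struct net_model n = { .ssc = NULL, .work_due = -1 };
    if (fixed_order) n.ssc = &n.ssc_storage;   /* fix: initialize first */
    n.work_due = n.now + work_delay;           /* schedule the delayed work */
    model_wait(&n, upcall_wait);               /* blocking userspace upcall */
    if (!fixed_order) n.ssc = &n.ssc_storage;  /* old order: initialize last */
    model_wait(&n, work_delay);                /* let any pending work run */
    return n.null_seen;
}

int main(void)
{
    printf("old order, fast upcall: %d\n", model_start(false, 90, 10));
    printf("old order, slow upcall: %d\n", model_start(false, 90, 120));
    printf("fixed order, slow upcall: %d\n", model_start(true, 90, 120));
    return 0;
}
```

In the model, the old ordering is only safe while the upcall returns before the work delay elapses; the fixed ordering is safe regardless of how long the upcall blocks.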

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476: NULL Pointer Dereference (Memory Safety)

Affected Products 7

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.10.220 – <5.10.239
linux    linux_kernel   *         ≥5.14 – <5.15.186
linux    linux_kernel   *         ≥5.16 – <6.1.142
linux    linux_kernel   *         ≥6.2 – <6.6.95
linux    linux_kernel   *         ≥6.7 – <6.12.35
linux    linux_kernel   *         ≥6.13 – <6.15.4
debian   debian_linux   11.0      any

References 10

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-082556.html
  • git.kernel.org https://git.kernel.org/stable/c/0fccf5f01ed28725cc313a66ca1247eef911d55e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5060e1a5fef184bd11d298e3f0ee920d96a23236
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a97668ec6d73dab237cd1c15efe012a10090a4ed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b31da62889e6d610114d81dc7a6edbcaa503fcf8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/deaeb74ae9318252829c59a84a7d2316fc335660
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0fccf5f01ed28725cc313a66ca1247eef911d55e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5060e1a5fef184bd11d298e3f0ee920d96a23236
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a97668ec6d73dab237cd1c15efe012a10090a4ed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b31da62889e6d610114d81dc7a6edbcaa503fcf8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/deaeb74ae9318252829c59a84a7d2316fc335660
    Patch