CVE-2025-39688

MEDIUM EPSS 11.2%
Published Apr 18, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 18, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() The pynfs DELEG8 test fails when run against nfsd. It acquires a delegation and then lets the lease time out. It then tries to use the deleg stateid and expects to see NFS4ERR_DELEG_REVOKED, but it gets bad NFS4ERR_BAD_STATEID instead. When a delegation is revoked, it's initially marked with SC_STATUS_REVOKED, or SC_STATUS_ADMIN_REVOKED and later, it's marked with the SC_STATUS_FREEABLE flag, which denotes that it is waiting for s FREE_STATEID call. nfs4_lookup_stateid() accepts a statusmask that includes the status flags that a found stateid is allowed to have. Currently, that mask never includes SC_STATUS_FREEABLE, which means that revoked delegations are (almost) never found. Add SC_STATUS_FREEABLE to the always-allowed status flags, and remove it from nfsd4_delegreturn() since it's now always implied.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
11.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥6.11.6  –  <6.12
linuxlinux_kernel*≥6.12.1  –  <6.12.23
linuxlinux_kernel*≥6.13  –  <6.13.11
linuxlinux_kernel*≥6.14  –  <6.14.2
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/52e209203c35a4fbff8af23cd3613efe5df40102
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5bcb44e650bc4ec7eac23df90c5e011a77fa2beb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d1bc15b147d35b4cb7ca99a9a7d79d41ca342c13
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc6f3295905d7185e71091870119a8c11c3808cc
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/52e209203c35a4fbff8af23cd3613efe5df40102
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5bcb44e650bc4ec7eac23df90c5e011a77fa2beb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d1bc15b147d35b4cb7ca99a9a7d79d41ca342c13
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc6f3295905d7185e71091870119a8c11c3808cc
    Patch