CVE-2025-38724
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/09/2025
Last modified:
05/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()

Lei Lu recently reported that nfsd4_setclientid_confirm() did not check
the return value from get_client_locked(). A SETCLIENTID_CONFIRM could
race with a confirmed client expiring and fail to get a reference. That
could later lead to a UAF.

Fix this by getting a reference early in the case where there is an
extant confirmed client. If that fails then treat it as if there were no
confirmed client found at all.

In the case where the unconfirmed client is expiring, just fail and
return the result from get_client_locked().
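
The reference-handling rules in the description, shown as an added user-space sketch that is not the kernel patch or nfsd code. The struct, enum and function names are hypothetical stand-ins, and the flow is reduced to the two rules the description states.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified user-space model; every name here is hypothetical, not nfsd's. */
enum status { ST_OK, ST_EXPIRED, ST_NOT_FOUND };
struct client { int refcount; bool expiring; };

/* Stand-in for get_client_locked(): no new reference once expiry has begun. */
enum status get_ref(struct client *c)
{
    if (c->expiring)
        return ST_EXPIRED;
    c->refcount++;
    return ST_OK;
}

/* Unchecked pattern: the result is dropped, so the caller keeps using a
 * client it holds no reference on while the expiry path may release it. */
struct client *confirm_unchecked(struct client *conf)
{
    (void)get_ref(conf);
    return conf;
}

/* Checked pattern following the two rules in the description. On ST_OK,
 * *held is the client the caller now holds a reference on. */
enum status confirm_checked(struct client *conf, struct client *unconf,
                            struct client **held)
{
    enum status st;
    *held = NULL;
    if (conf && get_ref(conf) == ST_OK) {
        *held = conf;           /* reference taken early on confirmed client */
        return ST_OK;
    }
    /* No confirmed client, or its reference failed: treat as none found. */
    if (!unconf)
        return ST_NOT_FOUND;
    st = get_ref(unconf);
    if (st != ST_OK)
        return st;              /* unconfirmed client expiring: just fail */
    *held = unconf;
    return ST_OK;
}

int main(void)
{
    struct client conf = { 0, true }, unconf = { 0, false }, *held;
    return confirm_checked(&conf, &unconf, &held) == ST_OK ? 0 : 1;
}
```

In the unchecked variant an expiring client comes back with a reference count of zero, which is the state that precedes the UAF; the checked variant never hands back a client without a held reference.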
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/22f45cedf281e6171817c8a3432c44d788c550e1
- https://git.kernel.org/stable/c/36e83eda90e0e4ac52f259f775b40b2841f8a0a3
- https://git.kernel.org/stable/c/3f252a73e81aa01660cb426735eab932e6182e8d
- https://git.kernel.org/stable/c/571a5e46c71490285d2d8c06f6b5a7cbf6c7edd1
- https://git.kernel.org/stable/c/74ad36ed60df561a303a19ecef400c7096b20306
- https://git.kernel.org/stable/c/908e4ead7f757504d8b345452730636e298cbf68
- https://git.kernel.org/stable/c/d35ac850410966010e92f401f4e21868a9ea4d8b
- https://git.kernel.org/stable/c/d71abd1ae4e0413707cd42b10c24a11d1aa71772
- https://git.kernel.org/stable/c/f3aac6cf390d8b80e1d82975faf4ac61175519c0