CVE-2025-38232 — Race Condition in Linux
CWE-362 — Race ConditionCWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition54 documents7 sources
Severity
4.7MEDIUMNVD
OSV5.6OSV3.2
EPSS
0.0%
top 99.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 4
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
NFSD: fix race between nfsd registration and exports_proc
As of now nfsd calls create_proc_exports_entry() at start of init_nfsd
and cleanup by remove_proc_entry() at last of exit_nfsd.
Which causes kernel OOPs if there is race between below 2 operations:
(i) exportfs -r
(ii) mount -t nfsd none /proc/fs/nfsd
for 5.4 kernel ARM64:
CPU 1:
el1_irq+0xbc/0x180
arch_counter_get_cntvct+0x14/0x18
running_clock+0xc/0x18
preempt_coun…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6