CVE-2025-38400
published 2025-07-25
medium 5.5 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
In the Linux kernel, the following vulnerability has been resolved:
nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
syzbot reported a warning below [1] following a fault injection in
nfs_fs_proc_net_init(). [0]
When nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.
Later, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning
is logged as the directory is not empty.
Let's handle the error of nfs_fs_proc_net_init() properly.
[0]:
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
dump_stack_lvl (lib/dump_stack.c:123)
should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)
should_failslab (mm/failslab.c:46)
kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)
__proc_create (fs/proc/generic.c:427)
proc_create_reg (fs/proc/generic.c:554)
proc_create_net_data (fs/proc/proc_net.c:120)
nfs_fs_proc_net_init (fs/nfs/client.c:1409)
nfs_net_init (fs/nfs/inode.c:2600)
ops_init (net/core/net_namespace.c:138)
setup_net (net/core/net_namespace.c:443)
copy_net_ns (net/core/net_namespace.c:576)
create_new_namespaces (kernel/nsproxy.c:110)
unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))
ksys_unshare (kernel/fork.c:3123)
__x64_sys_unshare (kernel/fork.c:3190)
do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[1]:
remove_proc_entry: removing non-empty directory 'net/rpc', leaking at least 'nfs'
WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727
Modules linked in:
CPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Goog
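The error-path bug described above, as an added userspace C model (not the kernel's code or the upstream patch): an init routine creates one /proc entry, fails on the next creation, and the parent directory is removed afterwards. The flat entry table, the `model_` and `proc_` helper names, the `net/nfsfs` entry name and the `unwind` switch are assumptions of this model.

```c
#include <string.h>
/* Userspace model only: a flat table standing in for one netns's /proc tree. */
#define MAX_ENTRIES 8
static char entries[MAX_ENTRIES][32];
static int fail_countdown;   /* N > 0: the Nth proc_add() from now fails */

static int proc_add(const char *path) {
    if (fail_countdown && --fail_countdown == 0)
        return -1;                   /* models the injected failslab failure */
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (!entries[i][0]) {
            strncpy(entries[i], path, sizeof entries[i] - 1);
            return 0;
        }
    return -1;
}

/* Models removing one entry; returns how many children were left under it. */
static int proc_del(const char *path) {
    size_t n = strlen(path);
    int leaked = 0;
    for (int i = 0; i < MAX_ENTRIES; i++) {
        if (!strncmp(entries[i], path, n) && entries[i][n] == '/')
            leaked++;                /* child still present: the warning case */
        else if (!strcmp(entries[i], path))
            entries[i][0] = '\0';
    }
    return leaked;
}

/* Model of the NFS per-netns init; unwind != 0 selects the corrected error path. */
static int model_nfs_net_init(int unwind) {
    if (proc_add("net/rpc/nfs"))
        return -1;
    if (proc_add("net/nfsfs") == 0)  /* stands in for nfs_fs_proc_net_init() */
        return 0;
    if (unwind)
        proc_del("net/rpc/nfs");     /* undo the first step before returning */
    return -1;
}

/* One failed namespace setup; returns entries leaked when net/rpc is removed. */
int leaked_after_failed_init(int unwind) {
    memset(entries, 0, sizeof entries);
    fail_countdown = 3;              /* third creation fails: the one inside init */
    proc_add("net/rpc");
    model_nfs_net_init(unwind);
    return proc_del("net/rpc");      /* models rpc_proc_exit() */
}
```

Without the unwind the model reports one leaked child under `net/rpc`, which is the condition behind the `remove_proc_entry` warning in [1]; with it, the directory is empty at teardown.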
Affected
43 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | — | — |
| linux | linux | >= 0bbd429260821dfb81478749837d3e6377949ac6 < b92397ce96743e4cc090207e2df2a856cb4cef08 | b92397ce96743e4cc090207e2df2a856cb4cef08 |
| linux | linux | >= 31dd0cda5aa0547de447aaf184812f85ccc34044 < 8785701fd7cd52ae74c0d2b35b82568df74e9dbb | 8785701fd7cd52ae74c0d2b35b82568df74e9dbb |
| linux | linux | >= 5.10.217 < 5.10.240 | 5.10.240 |
| linux | linux | >= 5.15.159 < 5.15.187 | 5.15.187 |
| linux | linux | >= 5.4.276 < 5.4.296 | 5.4.296 |
| linux | linux | >= 53a0365c9f9f66e1a981bf9188d8716d682e0739 < d0877c479f44fe475f4c8c02c88ce9ad43e90298 | d0877c479f44fe475f4c8c02c88ce9ad43e90298 |
| linux | linux | >= 6.1.91 < 6.1.144 | 6.1.144 |
| linux | linux | >= 6.6.31 < 6.6.97 | 6.6.97 |
| linux | linux | >= 6.8.10 < 6.9 | 6.9 |
| linux | linux | >= 6eef21eb7a165601882dad0419a630e32d2d7a2c < 412534a1fb76958b88dca48360c6f3ad4f3390f4 | 412534a1fb76958b88dca48360c6f3ad4f3390f4 |
| linux | linux | >= 9dd86e9d34b1078dcd647220e96a205028bf4e6f < 7701c245ff1ac1a126bf431e72b24547519046ff | 7701c245ff1ac1a126bf431e72b24547519046ff |
| linux | linux | >= d47151b79e3220e72ae323b8b8e9d6da20dc884e < 3c94212b57bedec3a386ef3da1ef00602f5c3d1d | 3c94212b57bedec3a386ef3da1ef00602f5c3d1d |
| linux | linux | >= d47151b79e3220e72ae323b8b8e9d6da20dc884e < 6acf340f8c1d296bcf535986175f5d0d6f2aab09 | 6acf340f8c1d296bcf535986175f5d0d6f2aab09 |
| linux | linux | >= d47151b79e3220e72ae323b8b8e9d6da20dc884e < e8d6f3ab59468e230f3253efe5cb63efa35289f7 | e8d6f3ab59468e230f3253efe5cb63efa35289f7 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.37-1 | 6.12.37-1 |
| linux | linux_kernel | >= 0 < 6.12.37-1 | 6.12.37-1 |
| linux | linux_kernel | >= 0 < 5.15.0-156.166 | 5.15.0-156.166 |
CVSS provenance
nvd v3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv 5.6 MEDIUM