CVE-2025-38724
published 2025-09-04CVE-2025-38724: In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In the Linux kernel, the following vulnerability has been resolved:
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Lei Lu recently reported that nfsd4_setclientid_confirm() did not check
the return value from get_client_locked(). a SETCLIENTID_CONFIRM could
race with a confirmed client expiring and fail to get a reference. That
could later lead to a UAF.
Fix this by getting a reference early in the case where there is an
extant confirmed client. If that fails then treat it as if there were no
confirmed client found at all.
In the case where the unconfirmed client is expiring, just fail and
return the result from get_client_locked().
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= d20c11d86d8f821a64eac7d6c8f296f06d935f4f < 3f252a73e81aa01660cb426735eab932e6182e8d | 3f252a73e81aa01660cb426735eab932e6182e8d |
| linux | linux | >= d20c11d86d8f821a64eac7d6c8f296f06d935f4f < d35ac850410966010e92f401f4e21868a9ea4d8b | d35ac850410966010e92f401f4e21868a9ea4d8b |
| linux | linux | >= d20c11d86d8f821a64eac7d6c8f296f06d935f4f < f3aac6cf390d8b80e1d82975faf4ac61175519c0 | f3aac6cf390d8b80e1d82975faf4ac61175519c0 |
| linux | linux | >= d20c11d86d8f821a64eac7d6c8f296f06d935f4f < 22f45cedf281e6171817c8a3432c44d788c550e1 | 22f45cedf281e6171817c8a3432c44d788c550e1 |
| linux | linux | >= d20c11d86d8f821a64eac7d6c8f296f06d935f4f < d71abd1ae4e0413707cd42b10c24a11d1aa71772 | d71abd1ae4e0413707cd42b10c24a11d1aa71772 |
| linux | linux | >= d20c11d86d8f821a64eac7d6c8f296f06d935f4f < 74ad36ed60df561a303a19ecef400c7096b20306 | 74ad36ed60df561a303a19ecef400c7096b20306 |
| linux | linux | >= d20c11d86d8f821a64eac7d6c8f296f06d935f4f < 36e83eda90e0e4ac52f259f775b40b2841f8a0a3 | 36e83eda90e0e4ac52f259f775b40b2841f8a0a3 |
| linux | linux | >= d20c11d86d8f821a64eac7d6c8f296f06d935f4f < 571a5e46c71490285d2d8c06f6b5a7cbf6c7edd1 | 571a5e46c71490285d2d8c06f6b5a7cbf6c7edd1 |
| linux | linux | >= d20c11d86d8f821a64eac7d6c8f296f06d935f4f < 908e4ead7f757504d8b345452730636e298cbf68 | 908e4ead7f757504d8b345452730636e298cbf68 |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.43-1 | 6.12.43-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 3.17 < 5.4.297 | 5.4.297 |
| linux | linux_kernel | >= 5.11 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.149 | 6.1.149 |
| linux | linux_kernel | >= 5.5 < 5.10.241 | 5.10.241 |
| linux | linux_kernel | >= 6.13 < 6.15.11 | 6.15.11 |
| linux | linux_kernel | >= 6.16 < 6.16.2 | 6.16.2 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH