Linux Kernel NFS Client Callback Issue in NFSD
CVE-2025-21795
Summary
A vulnerability in the Linux kernel's NFSD can cause nfsd4_shutdown_callback to hang when the nfs4_client is in courtesy state. A callback attempt to such a client remains in progress, so cl_cb_inflight does not drop to zero and the shutdown path keeps waiting. The hang lasts approximately 15 minutes, until the TCP layer drops the connection. The fix modifies nfsd4_run_cb_work to bypass the RPC call when the nfs4_client is in courtesy state, so no callback is left in flight to block shutdown.
Affected Version(s)
Linux 66af25799940b26efd41ea6e648f75c41a48a2c2 < 38d345f612503b850c2973e5a879f88e441b34d7
Linux 66af25799940b26efd41ea6e648f75c41a48a2c2 < 23ad7797c74cd8f7f90617f1e59a8703e2b43908
Linux 66af25799940b26efd41ea6e648f75c41a48a2c2