Remote Crash Vulnerability in Linux Kernel SunRPC Handling
CVE-2025-38089
What is CVE-2025-38089?
A recently discovered vulnerability in the Linux kernel's SunRPC subsystem lets a remote client crash the kernel by sending a carefully crafted packet to the kernel's RPC server. The packet causes a failure while the RPC reply is being decoded. If that failure returns SVC_GARBAGE without the request's accept status pointer having been set, the pointer is dereferenced anyway: when it is NULL the kernel crashes, and when it is not NULL the result is an unexpected memory modification. The underlying error is in how authentication failures are handled: the SunRPC code erroneously responds with GARBAGE_ARGS instead of the appropriate AUTH_ERR status when authentication fails. Managing that response correctly is crucial to preventing crashes and maintaining system stability.
Affected Version(s)
Linux 29cd2927fb914cc53b5ba4f67d2b74695c994ba4 < 599c489eea793821232a2f69a00fa57d82b0ac98
Linux 29cd2927fb914cc53b5ba4f67d2b74695c994ba4 < 353e75b55e583635bf71cde6abcec274dba05edd
Linux 29cd2927fb914cc53b5ba4f67d2b74695c994ba4