Null Pointer Dereference in Linux Kernel NFS Services
CVE-2025-38231
Currently unrated
What is CVE-2025-38231?
A vulnerability exists in the Linux kernel's NFS services where the initialization of nfsd_ssc is delayed. If laundromat_work is triggered before nfsd_ssc is initialized, the result can be a NULL pointer dereference, potentially causing service disruptions. The issue arises when the kernel waits longer than expected for userspace responses, so that laundromat_work can start before nfsd_ssc initialization has finished. The fix initializes nfsd_ssc before laundromat_work is executed.
Affected Version(s)
Linux a4bc287943f5695209ff36bdc89f17b48d68fae7
Linux f4e44b393389c77958f7c58bf4415032b4cda15b < 0fccf5f01ed28725cc313a66ca1247eef911d55e
Linux f4e44b393389c77958f7c58bf4415032b4cda15b