Race Condition in NFS Daemon of Linux Kernel Impacting Multiple Versions
CVE-2025-38232

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-38232?

A race condition vulnerability exists in the NFS daemon of the Linux kernel, specifically during the registration and cleanup of NFS exports. The problem arises when simultaneous operations, such as re-exporting file systems and mounting the nfsd, occur. This condition can lead to kernel OOPs due to dereferencing a NULL pointer, which ultimately causes system instability and potential crashes. The vulnerability has been addressed in newer kernel versions by ensuring that user-space exporting interfaces are processed in the correct sequence—cleaning up resources before establishing new connections.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2029ca75cdfa6a25716a5a76b751486cce7e3822

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 327011a2bb4f7de9c72b891a96ce8d902828bddf

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/2029ca75cdfa6a25716a5a76b...

https://git.kernel.org/stable/c/327011a2bb4f7de9c72b891a9...

https://git.kernel.org/stable/c/f7fb730cac9aafda8b9813b55...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Apr 16, 2025