Linux Kernel NFS Vulnerability Affecting File Access
CVE-2025-38338

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-38338?

A vulnerability has been identified in the Linux kernel affecting the Network File System (NFS) where a double-unlock bug in the function nfs_return_empty_folio() can lead to deadlocks during file reads. When a file is accessed while being truncated by another NFS client, the kernel may call folio_unlock() twice mistakenly. This oversight can result in processes being indefinitely stuck as they wait for the PG_locked state to be released. Although the issue is not frequently noticeable, it creates warnings under specific conditions, signifying potential stability risks in systems utilizing NFS.

Affected Version(s)

Linux 000dbe0bec058cbf2ca9e156e4a5584f5158b0f9 < 14f5549ad163be2c018abc1bb38370fff617a243

Linux 000dbe0bec058cbf2ca9e156e4a5584f5158b0f9 < 5bf0b9eeb0174686f22c2e5b8fb9f47ad25da6f5

Linux 000dbe0bec058cbf2ca9e156e4a5584f5158b0f9 < 1e93b61d3eaa14bfebcc2716ac09d43f3845d420

References

https://git.kernel.org/stable/c/14f5549ad163be2c018abc1bb...

https://git.kernel.org/stable/c/5bf0b9eeb0174686f22c2e5b8...

https://git.kernel.org/stable/c/1e93b61d3eaa14bfebcc2716a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Apr 16, 2025