Race Condition Vulnerability in Linux Kernel NFSv4/pNFS Products
CVE-2025-38393

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
25 July 2025

What is CVE-2025-38393?

A race condition vulnerability in the Linux kernel's NFSv4/pNFS implementation can lead to system hangs during writeback processes. This issue arises when multiple systems contend for the same page lock, resulting in one task waiting indefinitely on the NFS_LAYOUT_DRAIN bit in pnfs_update_layout(). In this scenario, the outstanding count of pnfs_layout_hdr remains zero, indicating potential synchronization failures. The vulnerability was addressed by applying a recommended barrier to enhance task synchronization and prevent such race conditions from occurring.

Affected Version(s)

Linux 8acc3e228e1c90bd410f73597a4549e0409f22d6 < 08287df60bac5b008b6bcdb03053988335d3d282

Linux ec23a86e060cbe30b62eb2955adc97c92d80cc4c < 8846fd02c98da8b79e6343a20e6071be6f372180

Linux 880265c77ac415090090d1fe72a188fee71cb458

References

https://git.kernel.org/stable/c/08287df60bac5b008b6bcdb03...
https://git.kernel.org/stable/c/8846fd02c98da8b79e6343a20...
https://git.kernel.org/stable/c/e4b13885e7ef1e64e45268fee...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38393 : Race Condition Vulnerability in Linux Kernel NFSv4/pNFS Products