Linux Kernel Vulnerability in NFS Daemon Affecting nfs4_lookup_stateid()
CVE-2025-39688
Summary
A vulnerability in the Linux kernel's NFS daemon affects the nfs4_lookup_stateid() function, which is part of stateid management. When a delegation is revoked, it is marked as SC_STATUS_REVOKED or SC_STATUS_ADMIN_REVOKED, and later as SC_STATUS_FREEABLE, indicating that it is awaiting a FREE_STATEID call. The current implementation does not include SC_STATUS_FREEABLE in the status mask used when looking up revoked delegations, so the lookup generates incorrect errors such as NFS4ERR_BAD_STATEID rather than the expected NFS4ERR_DELEG_REVOKED. This flaw impacts the reliability of delegation handling in NFS transactions.
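As an added illustration (not kernel source and not code from this advisory), the simplified C model below shows how a status mask that omits SC_STATUS_FREEABLE turns the lookup of a revoked delegation into a bad-stateid error. The bit values, the model_* names and the matching rule (a stateid matches only when all of its status bits are allowed by the mask) are assumptions of the model.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed bit values; only the SC_STATUS_* names come from the advisory. */
#define SC_STATUS_REVOKED        (1u << 0)
#define SC_STATUS_ADMIN_REVOKED  (1u << 1)
#define SC_STATUS_FREEABLE       (1u << 2)

enum model_err { MODEL_OK, MODEL_BAD_STATEID, MODEL_DELEG_REVOKED };

struct model_stid { unsigned int sc_status; };

/* Assumed matching rule: every status bit set on the stateid must be in the mask. */
static const struct model_stid *model_find(const struct model_stid *s,
                                           unsigned int statusmask)
{
    return (s->sc_status & ~statusmask) == 0 ? s : NULL;
}

/* Model of a delegation lookup; allow_freeable selects the corrected mask. */
static enum model_err model_lookup(const struct model_stid *s, int allow_freeable)
{
    unsigned int statusmask = SC_STATUS_REVOKED | SC_STATUS_ADMIN_REVOKED;

    if (allow_freeable)
        statusmask |= SC_STATUS_FREEABLE;
    if (model_find(s, statusmask) == NULL)
        return MODEL_BAD_STATEID;      /* stateid filtered out by the mask */
    if (s->sc_status & SC_STATUS_REVOKED)
        return MODEL_DELEG_REVOKED;    /* found, and known to be revoked */
    return MODEL_OK;
}

/* Convenience wrapper: result for a delegation carrying the given status bits. */
enum model_err model_result(unsigned int status, int allow_freeable)
{
    struct model_stid s = { status };
    return model_lookup(&s, allow_freeable);
}

int main(void)
{
    unsigned int freeable = SC_STATUS_REVOKED | SC_STATUS_FREEABLE;

    printf("revoked,          old mask: %d\n", model_result(SC_STATUS_REVOKED, 0));
    printf("revoked+freeable, old mask: %d\n", model_result(freeable, 0));
    printf("revoked+freeable, new mask: %d\n", model_result(freeable, 1));
    return 0;
}
```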
Affected Version(s)
Linux 8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a < 52e209203c35a4fbff8af23cd3613efe5df40102
Linux 8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a
Linux 8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a < 5bcb44e650bc4ec7eac23df90c5e011a77fa2beb