CVE-2025-38028

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38028

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38028.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-38028

Downstream

UBUNTU-CVE-2025-38028

USN-7699-1

USN-7699-2

USN-7721-1

Published

2025-06-18T09:28:33Z

Modified

2025-10-22T11:49:55.574857Z

Summary

NFS/localio: Fix a race in nfs_local_open_fh()

Details

In the Linux kernel, the following vulnerability has been resolved:

NFS/localio: Fix a race in nfslocalopen_fh()

Once the clp->cluuid.lock has been dropped, another CPU could come in and free the struct nfsdfile that was just added. To prevent that from happening, take the RCU read lock before dropping the spin lock.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

86e00412254a717ffd5d38dc5ec0ee1cce6281b3

Fixed

185a2f2ddabdcf999823f61de67f86376883920d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

86e00412254a717ffd5d38dc5ec0ee1cce6281b3

Fixed

fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9

Affected versions

v6.*

v6.13

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.14.1

v6.14.2

v6.14.3

v6.14.4

v6.14.5

v6.14.6

v6.14.7

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.14.0

Fixed

6.14.8