CVE-2025-39688

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-39688
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39688.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-39688
Downstream
Published
2025-04-18T07:15:43Z
Modified
2025-05-05T17:00:21Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: allow SCSTATUSFREEABLE when searching via nfs4lookupstateid()

The pynfs DELEG8 test fails when run against nfsd. It acquires a delegation and then lets the lease time out. It then tries to use the deleg stateid and expects to see NFS4ERRDELEGREVOKED, but it gets bad NFS4ERRBADSTATEID instead.

When a delegation is revoked, it's initially marked with SCSTATUSREVOKED, or SCSTATUSADMINREVOKED and later, it's marked with the SCSTATUSFREEABLE flag, which denotes that it is waiting for s FREESTATEID call.

nfs4lookupstateid() accepts a statusmask that includes the status flags that a found stateid is allowed to have. Currently, that mask never includes SCSTATUSFREEABLE, which means that revoked delegations are (almost) never found.

Add SCSTATUSFREEABLE to the always-allowed status flags, and remove it from nfsd4_delegreturn() since it's now always implied.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}