CVE-2025-38567

{"id": "CVE-2025-38567", "cveTags": [], "metrics": {}, "published": "2025-08-19T17:15:33.380", "references": [{"url": "https://git.kernel.org/stable/c/c4bf8f26c51e51bbb840935659a7b3b65a802c07", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e5a73150776f18547ee685c9f6bfafe549714899", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fcb0a417fddb605530c4837e0996620f8ed38023", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: avoid ref leak in nfsd_open_local_fh()\n\nIf two calls to nfsd_open_local_fh() race and both successfully call\nnfsd_file_acquire_local(), they will both get an extra reference to the\nnet to accompany the file reference stored in *pnf.\n\nOne of them will fail to store (using xchg()) the file reference in\n*pnf and will drop that reference but WON'T drop the accompanying\nreference to the net. This leak means that when the nfs server is shut\ndown it will hang in nfsd_shutdown_net() waiting for\n&nn->nfsd_net_free_done.\n\nThis patch adds the missing nfsd_net_put()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: evitar fuga de referencia en nfsd_open_local_fh(). Si se ejecutan dos llamadas a nfsd_open_local_fh() y ambas invocan correctamente nfsd_file_acquire_local(), ambas obtendr\u00e1n una referencia adicional a la red que acompa\u00f1a a la referencia del archivo almacenada en *pnf. Una de ellas no almacenar\u00e1 (mediante xchg()) la referencia del archivo en *pnf y la eliminar\u00e1, pero NO eliminar\u00e1 la referencia que la acompa\u00f1a a la red. Esta fuga significa que, al apagar el servidor NFS, se bloquear\u00e1 en nfsd_shutdown_net() esperando &nn->nfsd_net_free_done. Este parche a\u00f1ade la funci\u00f3n nfsd_net_put() que faltaba."}], "lastModified": "2025-08-20T14:40:17.713", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}