SB20250509123 - Improper locking in Linux kernel nfsd
Published: May 9, 2025 Updated: May 10, 2025
Security Bulletin ID
SB20250509123
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-37871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfsd_break_one_deleg() function in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/14985d66b9b99c12995dd99d1c6c8dec4114c2a5
- https://git.kernel.org/stable/c/7d192e27a431026c58d60edf66dc6cd98d0c01fc
- https://git.kernel.org/stable/c/a1d14d931bf700c1025db8c46d6731aa5cf440f9
- https://git.kernel.org/stable/c/a70832d3555987035fc430ccd703acd89393eadb
- https://git.kernel.org/stable/c/a7fce086f6ca84db409b9d58493ea77c1978897c
- https://git.kernel.org/stable/c/b9bbe8f9d5663311d06667ce36d6ed255ead1a26
- https://git.kernel.org/stable/c/ba903539fff745d592d893c71b30e5e268a95413
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135