Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfsd: The issue in nfsd4setclientidconfirm where the function does not check the return value from getclientlocked was addressed. In this case, a SETCLIENTIDCONFIRM operation might race with a confirmed client’s expiration, causi...

Siemens SIMATIC S7-1500 Use After Free (CVE-2025-38724)

In the Linux kernel, the following vulnerability has been resolved: nfsd: handle getclientlocked failure in nfsd4setclientidconfirm Lei Lu recently reported that nfsd4setclientidconfirm did not check the return value from getclientlocked. a SETCLIENTIDCONFIRM could race with a confirmed client...

CVE-2025-38724 nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()

In the Linux kernel, the following vulnerability has been resolved: nfsd: handle getclientlocked failure in nfsd4setclientidconfirm Lei Lu recently reported that nfsd4setclientidconfirm did not check the return value from getclientlocked. a SETCLIENTIDCONFIRM could race with a confirmed client...

CVE-2025-38724

CVE-2025-38724: Linux kernel NFS server (nfsd) had a race in nfsd4_setclientid_confirm() where it did not check get_client_locked() return, risking reference loss and a potential use-after-free. A fix obtains a reference early when a confirmed client exists, and handles failure as if no confirmed...