CVE-2025-71090 nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg()

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsdfile reference leak in nfsd4addrdaccesstowrdeleg nfsd4addrdaccesstowrdeleg unconditionally overwrites fp-fifdsORDONLY with a newly acquired nfsdfile. However, if the client already has a SHAREACCESSREAD open from a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly release an nfsdfile reference in the nfsd4addrdaccesstowrdeleg function, which could...

CVE-2025-38028

CVE-2025-38028 : Linux kernel local vulnerability in NFS/localio due to a race in nfs_local_open_fh. After clp->cl_uuid.lock is dropped, another CPU could free the recently added nfsd_file. The fix uses an RCU read lock before dropping the spin lock to prevent dangling pointers. Exploitation i...

CVE-2024-50121

CVE-2024-50121 affects the Linux kernel component nfsd, specifically the race where nfsd_shrinker_work may be cancelled in nfs4_state_shutdown_net without waiting for the shrinker to exit. This can cause warnings and use-after-free scenarios when unhashing and destroying nfsd clients during net s...