CVE-2025-21795: Vulnerability in Linux

Medium
Published: Thu Feb 27 2025 (02/27/2025, 02:18:31 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

NFSD: fix hang in nfsd4_shutdown_callback

If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped.

This patch modifies nfsd4_run_cb_work to skip the RPC call if nfs4_client is in courtesy state.

AI-Powered Analysis

Last updated: 06/30/2025, 09:12:35 UTC

Technical Analysis

CVE-2025-21795 is a vulnerability in the Linux kernel's Network File System daemon (nfsd), specifically in how it shuts down NFSv4 client callbacks. The issue arises when an nfs4_client is in the 'courtesy' state, a state indicating that the client is no longer fully active or engaged. In this state the kernel still attempts to send the callback, which causes the nfsd4_shutdown_callback function to hang because the cl_cb_inflight counter, which tracks outstanding callbacks, does not reach zero. The hang persists for approximately 15 minutes, until TCP notifies NFSD that the connection was dropped. The root cause is that the callback is sent unnecessarily while the client is in courtesy state, so the server waits for a response that will not arrive. The patch modifies the nfsd4_run_cb_work function to skip the RPC call entirely if the client is in the courtesy state, thereby preventing the hang. This vulnerability affects multiple versions of the Linux kernel, as indicated by the affected commit hashes, and it is specific to the NFS server functionality within the kernel. No known exploits are reported in the wild, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, especially those relying heavily on Linux-based infrastructure and NFS for file sharing and storage solutions, this vulnerability could cause significant service disruption. The primary impact is a denial-of-service (DoS) condition where the NFS daemon hangs for about 15 minutes during client shutdown sequences, potentially affecting availability of critical file services. This could degrade performance or cause timeouts in applications dependent on NFS mounts, impacting business continuity. While the vulnerability does not appear to allow remote code execution or privilege escalation, the temporary unavailability of NFS services could disrupt operations in sectors such as finance, manufacturing, research, and public administration where Linux servers and NFS are prevalent. The lack of requirement for user interaction or authentication to trigger the hang increases the risk of accidental or malicious triggering within internal networks. However, since no known exploits exist in the wild, the immediate risk is moderate but could increase if attackers develop exploit techniques to leverage this hang for targeted DoS attacks.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel versions to include the patch that addresses CVE-2025-21795. Specifically, kernel versions containing the fix to nfsd4_run_cb_work should be deployed promptly. System administrators should audit their environments to identify Linux servers running NFS server functionality and verify kernel versions against the affected commits. In environments where immediate patching is not feasible, temporary mitigations include monitoring NFS server logs for signs of hangs or delays in shutdown callbacks and implementing network segmentation to limit exposure of NFS services to trusted clients only. Additionally, organizations should consider implementing robust monitoring and alerting for NFS daemon health and TCP connection drops to detect potential hangs early. Testing patches in staging environments before production deployment is recommended to ensure compatibility and stability. Finally, maintaining regular backups and ensuring high availability configurations for critical NFS services can mitigate the impact of potential service disruptions.
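One way to implement the log monitoring suggested above, as an added example that is not part of the original advisory: it scans kernel log text for hung-task reports whose call trace contains nfsd4_shutdown_callback. It assumes the kernel's hung-task detector (CONFIG_DETECT_HUNG_TASK) is enabled and reports the blocked thread; the sample log and the function name find_nfsd_callback_hangs are constructed for illustration.

```python
import re

# Constructed sample kernel log (illustrative, not captured from a real host).
SAMPLE_LOG = """\
[ 7301.112233] INFO: task nfsd:2214 blocked for more than 120 seconds.
[ 7301.112251] task:nfsd            state:D stack:0     pid:2214
[ 7301.112260] Call Trace:
[ 7301.112262]  <TASK>
[ 7301.112270]  __schedule+0x2f0/0x8a0
[ 7301.112281]  schedule+0x5e/0xd0
[ 7301.112290]  nfsd4_shutdown_callback+0x9c/0x120 [nfsd]
[ 7301.112305]  </TASK>
[ 7400.000100] INFO: task kworker/3:1:88 blocked for more than 120 seconds.
[ 7400.000110] Call Trace:
[ 7400.000115]  <TASK>
[ 7400.000120]  io_schedule+0x46/0x70
[ 7400.000130]  </TASK>
"""

# Header line printed by the hung-task detector; the task name may contain ':'.
HUNG_RE = re.compile(
    r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
# A stack frame such as "symbol+0x9c/0x120 [module]", optionally prefixed by "? ".
FRAME_RE = re.compile(r"\]\s+(?:\? )?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TARGET = "nfsd4_shutdown_callback"


def find_nfsd_callback_hangs(log_text, symbol=TARGET):
    """Return hung-task reports whose call trace includes `symbol`."""
    reports, current = [], None
    for line in log_text.splitlines():
        header = HUNG_RE.search(line)
        if header:
            current = {"comm": header["comm"], "pid": int(header["pid"]),
                       "secs": int(header["secs"]), "frames": []}
            reports.append(current)
        elif "</TASK>" in line:
            current = None          # end of this report's trace
        elif current is not None:
            frame = FRAME_RE.search(line)
            if frame:
                current["frames"].append(frame["sym"])
    return [r for r in reports if symbol in r["frames"]]


if __name__ == "__main__":
    for hit in find_nfsd_callback_hangs(SAMPLE_LOG):
        print(f"possible CVE-2025-21795 hang: {hit['comm']} pid {hit['pid']} "
              f"blocked > {hit['secs']}s")
```

On a live server the same function can be fed the output of the kernel log instead of the constructed sample; a hit is a prompt to check the running kernel against the fix, not proof of the bug.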


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.767Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe884d

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 6/30/2025, 9:12:35 AM

Last updated: 8/18/2025, 11:27:54 PM
