CVE-2025-22025: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

nfsd: put dl_stid if fail to queue dl_recall

Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is processed, the reference count of dl_stid will be decremented through the callback function nfsd4_cb_recall_release. However, if the call to nfsd4_run_cb fails, the incremented reference count of dl_stid will not be decremented correspondingly, leading to the following nfs4_stid leak:

  unreferenced object 0xffff88812067b578 (size 344):
    comm "nfsd", pid 2761, jiffies 4295044002 (age 5541.241s)
    hex dump (first 32 bytes):
      01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff  ....kkkk........
      00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de  .kkkkkkk.....N..
    backtrace:
      kmem_cache_alloc+0x4b9/0x700
      nfsd4_process_open1+0x34/0x300
      nfsd4_open+0x2d1/0x9d0
      nfsd4_proc_compound+0x7a2/0xe30
      nfsd_dispatch+0x241/0x3e0
      svc_process_common+0x5d3/0xcc0
      svc_process+0x2a3/0x320
      nfsd+0x180/0x2e0
      kthread+0x199/0x1d0
      ret_from_fork+0x30/0x50
      ret_from_fork_asm+0x1b/0x30
  unreferenced object 0xffff8881499f4d28 (size 368):
    comm "nfsd", pid 2761, jiffies 4295044005 (age 5541.239s)
    hex dump (first 32 bytes):
      01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff  ........0M.I....
      30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00  0M.I.... .......
    backtrace:
      kmem_cache_alloc+0x4b9/0x700
      nfs4_alloc_stid+0x29/0x210
      alloc_init_deleg+0x92/0x2e0
      nfs4_set_delegation+0x284/0xc00
      nfs4_open_delegation+0x216/0x3f0
      nfsd4_process_open2+0x2b3/0xee0
      nfsd4_open+0x770/0x9d0
      nfsd4_proc_compound+0x7a2/0xe30
      nfsd_dispatch+0x241/0x3e0
      svc_process_common+0x5d3/0xcc0
      svc_process+0x2a3/0x320
      nfsd+0x180/0x2e0
      kthread+0x199/0x1d0
      ret_from_fork+0x30/0x50
      ret_from_fork_asm+0x1b/0x30

Fix it by checking the result of nfsd4_run_cb and calling nfs4_put_stid if it fails to queue dl_recall.
AI Analysis
Technical Summary
CVE-2025-22025 is a vulnerability in the Linux kernel's NFS server (nfsd), specifically in how the NFSv4 implementation manages the reference count of a delegation's state ID (dl_stid) when it recalls the delegation. Before queuing the recall callback (dl_recall) to the callback work queue (callback_wq) via nfsd4_run_cb, nfsd increments the reference count of the associated dl_stid so that the object stays alive until the callback has run. The design expects that, once the work_struct has been processed, the reference count is decremented in the release function nfsd4_cb_recall_release. If nfsd4_run_cb fails to queue the callback, however, no release ever runs and the extra reference is never dropped, so the object can never be freed. Each such failure leaks a kernel slab object on the NFS server; the kmemleak reports in the description show the leaked objects and the allocation paths that created them (nfsd4_process_open1 and, via nfs4_set_delegation and alloc_init_deleg, nfsd4_process_open2, both reached from nfsd4_open and nfsd4_proc_compound). The fix checks the return value of nfsd4_run_cb and calls nfs4_put_stid to drop the reference when queuing fails, which prevents the leak. This vulnerability affects the Linux kernel versions identified by the given commit hashes and was published on April 16, 2025. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
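The reference-count discipline described above, as an added userspace model that is not the kernel's code. The names stid_t, run_cb(), cb_recall_release(), break_deleg_leaky() and break_deleg_fixed() are this example's own and stand in for nfs4_stid's count, nfsd4_run_cb, nfsd4_cb_recall_release and the delegation-recall path; the reason queuing fails (a work item that is already pending, as with queue_work()) is an assumption of the model, not something the advisory states. The leaky and fixed variants are run through the same scenario so the stuck reference is visible.

```c
/* Added example, not the kernel's code: a userspace model of the
 * reference count taken around nfsd4_run_cb for CVE-2025-22025.
 * All names below are this example's own. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct stid {
    int  refcount;    /* stands in for the dl_stid reference count */
    bool cb_pending;  /* stands in for the recall work_struct being queued */
} stid_t;

static stid_t *stid_alloc(void)
{
    stid_t *s = calloc(1, sizeof *s);
    if (!s)
        abort();
    s->refcount = 1;  /* the owner's reference */
    return s;
}

/* Stands in for nfs4_put_stid(): drop one reference, free at zero.
 * Returns true when the object was freed. */
static bool stid_put(stid_t *s)
{
    if (--s->refcount > 0)
        return false;
    free(s);
    return true;
}

/* Stands in for nfsd4_run_cb(): queue the recall work.  Assumption of the
 * model: queuing fails when the work item is already pending, which is one
 * way queue_work() refuses a work item. */
static bool run_cb(stid_t *s)
{
    if (s->cb_pending)
        return false;
    s->cb_pending = true;
    return true;
}

/* Stands in for nfsd4_cb_recall_release(): the workqueue has processed the
 * recall, so the reference taken for it is dropped here. */
static void cb_recall_release(stid_t *s)
{
    s->cb_pending = false;
    stid_put(s);
}

/* Vulnerable shape: the reference taken for the callback is never dropped
 * when the callback could not be queued, because nothing will ever run
 * cb_recall_release() for it. */
static void break_deleg_leaky(stid_t *s)
{
    s->refcount++;
    (void)run_cb(s);  /* result ignored */
}

/* Fixed shape, as the advisory describes the fix: check the result of
 * queuing and drop the reference ourselves on failure. */
static void break_deleg_fixed(stid_t *s)
{
    s->refcount++;
    if (!run_cb(s))
        stid_put(s);
}

/* Scenario: two recall attempts arrive before the workqueue runs, so the
 * second one fails to queue.  Returns the number of references still held
 * after the one queued callback has run and the owner has dropped its own
 * reference: 0 when the object was freed, >0 when it leaked. */
static int simulate(void (*break_deleg)(stid_t *))
{
    stid_t *s = stid_alloc();
    break_deleg(s);          /* first attempt: queued, count becomes 2 */
    break_deleg(s);          /* second attempt: queuing fails */
    cb_recall_release(s);    /* the single queued callback runs */
    if (stid_put(s))         /* owner lets go */
        return 0;
    int leaked = s->refcount;
    free(s);  /* reclaim the model object; the kernel cannot do this for a stuck count */
    return leaked;
}

int main(void)
{
    printf("leaky path: %d reference(s) left over\n", simulate(break_deleg_leaky));
    printf("fixed path: %d reference(s) left over\n", simulate(break_deleg_fixed));
    return 0;
}
```

The leaky path ends with one reference that nobody will ever drop, which is exactly the state kmemleak reports as an "unreferenced object" once the owner has forgotten the pointer; the fixed path returns the count to zero and the object is freed.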
Potential Impact
For European organizations, this vulnerability primarily impacts systems running Linux kernels with the vulnerable NFS server implementation, particularly those using NFSv4 delegations. The memory leak caused by unreleased dl_stid objects can lead to gradual resource exhaustion on NFS servers, potentially degrading performance or causing service instability over time. In environments with high NFS delegation usage, such as large-scale file servers, cloud infrastructure, and enterprise storage systems, this could result in denial of service conditions if the leak is severe and unmitigated. Confidentiality and integrity are not directly impacted by this vulnerability since it does not allow unauthorized access or code execution. However, availability can be affected due to resource depletion. European organizations relying on Linux-based NFS servers for critical file sharing and storage services may experience operational disruptions. Additionally, the vulnerability could increase maintenance overhead and require more frequent reboots or manual interventions to clear leaked resources. Given the widespread use of Linux in European data centers, cloud providers, and enterprises, the impact could be significant if left unpatched.
Mitigation Recommendations
To mitigate CVE-2025-22025, European organizations should:
1) Apply the official Linux kernel patches that fix the reference count leak on the dl_recall queuing path (the caller of nfsd4_run_cb) as soon as they become available from trusted Linux distributions or kernel maintainers.
2) Monitor NFS server memory usage and resource consumption closely to detect abnormal growth patterns indicative of leaks; on test systems, kmemleak (whose "unreferenced object" reports are what the description quotes) and the nfsd-related slab caches in /proc/slabinfo show this leak directly.
3) Implement proactive resource management strategies such as automated restarts or recycling of the nfsd service during maintenance windows to minimize service disruption. Note that restarting the service does not return kernel objects whose reference count is already stuck; only a reboot into a patched kernel reclaims them.
4) Limit the use of NFS delegations where possible or configure delegation timeouts to reduce the potential impact of leaks.
5) Employ kernel live patching solutions if available to apply fixes without requiring full system reboots, minimizing downtime.
6) Maintain an inventory of Linux kernel versions in use across infrastructure to prioritize patching efforts on vulnerable systems.
7) Engage with Linux distribution vendors for timely security updates and advisories related to this vulnerability.
These steps go beyond generic advice by focusing on operational monitoring, resource management, and leveraging vendor support to ensure timely remediation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.807Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9831c4522896dcbe7eb0
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/3/2025, 7:56:04 PM
Last updated: 8/1/2025, 7:34:56 PM
Related Threats
- CVE-2025-9108: Improper Restriction of Rendered UI Layers in Portabilis i-Diario (Medium)
- CVE-2025-9107: Cross Site Scripting in Portabilis i-Diario (Medium)
- CVE-2025-9106: Cross Site Scripting in Portabilis i-Diario (Medium)
- CVE-2025-9105: Cross Site Scripting in Portabilis i-Diario (Medium)
- CVE-2025-9104: Cross Site Scripting in Portabilis i-Diario (Medium)