CVE-2025-37871: Vulnerability in Linux (Linux kernel)

Severity: Medium
Published: Fri May 09 2025 (05/09/2025, 06:43:59 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

nfsd: decrease sc_count directly if fail to queue dl_recall

A deadlock warning occurred when invoking nfs4_put_stid following a failed dl_recall queue operation:

    T1                                   T2
    nfs4_laundromat
     nfs4_get_client_reaplist
      nfs4_anylock_blockers
                                         __break_lease
                                          spin_lock // ctx->flc_lock
       spin_lock // clp->cl_lock
       nfs4_lockowner_has_blockers
        locks_owner_has_blockers
         spin_lock // flctx->flc_lock
                                          nfsd_break_deleg_cb
                                           nfsd_break_one_deleg
                                            nfs4_put_stid
                                             refcount_dec_and_lock
                                              spin_lock // clp->cl_lock

When a file is opened, an nfs4_delegation is allocated with sc_count initialized to 1, and the file_lease holds a reference to the delegation. The file_lease is then associated with the file through kernel_setlease. The disassociation is performed in nfsd4_delegreturn via the following call chain:

    nfsd4_delegreturn
      --> destroy_delegation
        --> destroy_unhashed_deleg
          --> nfs4_unlock_deleg_lease
            --> kernel_setlease
              --> generic_delete_lease

The corresponding sc_count reference will be released after this disassociation. Since nfsd_break_one_deleg executes while holding the flc_lock, the disassociation process becomes blocked when attempting to acquire flc_lock in generic_delete_lease. This means:

1) sc_count in nfsd_break_one_deleg will not be decremented to 0;
2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to acquire cl_lock;
3) Consequently, no deadlock condition is created.

Given that sc_count in nfsd_break_one_deleg remains non-zero, we can safely perform refcount_dec on sc_count directly. This approach effectively avoids triggering deadlock warnings.
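The lock ordering in the trace above, worked through as an added example that is not part of the advisory or of the kernel source: a small userspace C model with a toy lock-order validator standing in for lockdep (far simpler than the real thing), the two spinlocks and the two task paths named in the trace, and a model of refcount_dec_and_lock(). The validator treats a refcount_dec_and_lock() call as a potential acquisition of its lock even when the count does not reach zero on this run, because that potential edge under flc_lock is exactly what conflicts with T1's cl_lock-then-flc_lock order. The "fixed" path decrements without touching any lock, as the patch does, since the lease's own reference keeps sc_count above zero. The sc_count values, the validator itself and every function name not in the trace are assumptions made for the illustration.

```c
/* Added example, not kernel code: a userspace model of the lock-order
 * inversion behind CVE-2025-37871, with a toy validator standing in for
 * lockdep. Lock and task names follow the advisory's trace. */
#include <stdbool.h>
#include <stdio.h>

enum lock_id { CL_LOCK = 0, FLC_LOCK = 1, NLOCKS = 2 };
static const char *const lock_name[NLOCKS] = { "clp->cl_lock", "ctx->flc_lock" };

/* after[a][b] records "b was, or could be, taken while a was held". A later
 * edge b->a closes a cycle: the circular dependency lockdep warns about. */
struct validator {
    bool after[NLOCKS][NLOCKS];
    bool inversion;
};

struct task {
    const char *name;
    bool held[NLOCKS];
};

/* Record ordering edges for acquiring lock l with t's current held set. */
static void note_order(struct validator *v, const struct task *t, enum lock_id l)
{
    for (int h = 0; h < NLOCKS; h++) {
        if (!t->held[h] || h == l)
            continue;
        if (v->after[l][h]) {
            v->inversion = true;
            printf("%s: takes %s under %s, but another path takes %s under %s\n",
                   t->name, lock_name[l], lock_name[h], lock_name[h], lock_name[l]);
        }
        v->after[h][l] = true;
    }
}

static void take_lock(struct validator *v, struct task *t, enum lock_id l)
{
    note_order(v, t, l);
    t->held[l] = true;
}

static void drop_lock(struct task *t, enum lock_id l) { t->held[l] = false; }

/* The delegation's sc_count (assumed values: one reference held by the
 * lease, one taken for the recall that failed to queue). */
struct stid { unsigned sc_count; };

/* Model of refcount_dec_and_lock(): the lock is taken only when the count
 * drops to zero, but the validator records the edge unconditionally because
 * this path *can* take it. That potential edge is the inversion. */
static bool refcount_dec_and_lock(struct validator *v, struct task *t,
                                  struct stid *s, enum lock_id l)
{
    note_order(v, t, l);
    if (--s->sc_count == 0) {
        t->held[l] = true;
        return true;
    }
    return false;
}

/* T1: nfs4_laundromat holds clp->cl_lock when locks_owner_has_blockers
 * takes flc_lock underneath it. */
static void laundromat_path(struct validator *v)
{
    struct task t1 = { .name = "T1" };
    take_lock(v, &t1, CL_LOCK);
    take_lock(v, &t1, FLC_LOCK);
    drop_lock(&t1, FLC_LOCK);
    drop_lock(&t1, CL_LOCK);
}

/* T2: __break_lease holds flc_lock when nfsd_break_one_deleg drops the
 * reference it took for the dl_recall that failed to queue. */
static void break_deleg_path(struct validator *v, struct stid *deleg, bool fixed)
{
    struct task t2 = { .name = "T2" };
    take_lock(v, &t2, FLC_LOCK);
    if (!fixed) {
        /* before the patch: nfs4_put_stid -> refcount_dec_and_lock(cl_lock) */
        if (refcount_dec_and_lock(v, &t2, deleg, CL_LOCK))
            drop_lock(&t2, CL_LOCK);   /* the stid would be freed here */
    } else {
        /* after the patch: the lease's reference keeps sc_count above zero,
         * so a plain refcount_dec() needs no lock at all */
        deleg->sc_count--;
    }
    drop_lock(&t2, FLC_LOCK);
}

struct outcome {
    bool inversion;      /* did the validator see a cycle? */
    unsigned sc_count;   /* references left on the delegation */
};

/* Run both paths against one delegation and report what the validator saw. */
struct outcome run_scenario(bool fixed)
{
    struct validator v = { 0 };
    struct stid deleg = { .sc_count = 2 };

    laundromat_path(&v);
    break_deleg_path(&v, &deleg, fixed);
    return (struct outcome){ .inversion = v.inversion, .sc_count = deleg.sc_count };
}

int main(void)
{
    struct outcome before = run_scenario(false), after = run_scenario(true);
    printf("before fix: inversion=%d sc_count=%u\n", before.inversion, before.sc_count);
    printf("after fix:  inversion=%d sc_count=%u\n", after.inversion, after.sc_count);
    return 0;
}
```

In both runs sc_count ends at 1 (the lease's reference), which is the observation the patch relies on: because the count cannot reach zero on this path, the lock-taking variant of the decrement buys nothing and only adds the cl_lock-under-flc_lock edge that the validator flags.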

AI-Powered Analysis

Last updated: 07/04/2025, 00:43:16 UTC

Technical Analysis

CVE-2025-37871 is a vulnerability in the Linux kernel's NFS server daemon (nfsd), in the handling of NFSv4 delegations and lease management. The issue lies in how the sc_count reference counter is decremented when a delegation recall (dl_recall) fails to queue: the call to nfs4_put_stid that follows the failed queue operation raised a deadlock warning. The warning arises because nfsd_break_one_deleg runs while holding flc_lock, and the path that disassociates the file lease (generic_delete_lease) must also acquire flc_lock, so that path blocks. The root cause is the interplay of locking and reference counting used to manage NFSv4 delegations and leases, where sc_count was not decremented in the right way, which can lead to resource-management problems and deadlock warnings. The fix decrements sc_count directly in nfsd_break_one_deleg, which removes the deadlock warning without introducing an actual deadlock, so the reference-count and lock-acquisition sequences are handled safely and the kernel does not enter a deadlock state when a delegation recall fails. The affected kernel versions are identified by specific commit hashes, so multiple versions or branches may be impacted. No exploits are known in the wild as of the publication date, and no CVSS score has been assigned yet. This is primarily a stability and reliability issue in the kernel's NFS server implementation rather than a remote code execution or privilege escalation flaw.

Potential Impact

For European organizations, especially those relying on Linux-based NFS servers for file sharing and storage services, this vulnerability could lead to kernel deadlocks or hangs under specific conditions involving NFSv4 delegation recalls. Such deadlocks may cause service disruptions, impacting availability of critical file services. Organizations with large-scale NFS deployments, such as research institutions, cloud service providers, and enterprises with centralized storage, could experience degraded performance or outages if the vulnerability is triggered. Although no direct security breach or data compromise is indicated, the denial of service potential through kernel deadlocks can affect business continuity and operational efficiency. Additionally, troubleshooting and recovery from such deadlocks may require kernel restarts, leading to downtime. The impact is more pronounced in environments with heavy NFSv4 delegation usage and where lease management is critical. Given the Linux kernel's widespread use in European data centers and infrastructure, the vulnerability poses a moderate risk to service reliability.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize updating their Linux kernel to versions that include the patch for CVE-2025-37871 as soon as they become available. Since the issue is related to kernel-level locking and reference counting in NFS server code, applying vendor-provided kernel updates or backported patches is essential. Organizations should audit their NFS server configurations to identify usage of NFSv4 delegations and lease features, and consider temporarily disabling delegation recalls or lease mechanisms if feasible, to reduce exposure until patches are applied. Monitoring kernel logs for deadlock warnings related to nfs4_put_stid or nfsd_break_one_deleg can help detect attempts to trigger the issue. For critical systems, implementing redundancy and failover mechanisms for NFS services can minimize downtime caused by potential deadlocks. Additionally, testing kernel updates in staging environments before production deployment is recommended to ensure stability. Collaboration with Linux distribution vendors for timely patch releases and security advisories will facilitate rapid remediation.
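For the log-monitoring recommendation above, an added example (not from the advisory or from any kernel tool) in C: it scans kernel log text for lockdep's "possible circular locking dependency detected" banner and counts the reports whose body names nfs4_put_stid or nfsd_break_one_deleg, ignoring those symbols when they appear outside a report and ignoring reports about other locks. The sample log embedded in the block is constructed to resemble a lockdep report and is not a real capture; its timestamps, addresses and the unrelated function and lock names are made up.

```c
/* Added example, not from the advisory or any kernel tool: count lockdep
 * reports in kernel log text that involve the nfsd delegation-recall path. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* First line of a lockdep circular-dependency report. */
static const char LOCKDEP_MARKER[] = "possible circular locking dependency detected";

/* Symbols named in the CVE-2025-37871 trace; a report mentioning either
 * one is worth an alert. */
static const char *const NFSD_SYMBOLS[] = { "nfs4_put_stid", "nfsd_break_one_deleg", NULL };

/* Scan newline-separated log text. A report runs from a marker line to the
 * next marker (or end of text) and is counted at most once. Symbols seen
 * outside any report are ignored, so ordinary nfsd messages do not fire. */
int count_nfsd_lockdep_splats(const char *text)
{
    int count = 0;
    bool in_splat = false, counted = false;
    const char *p = text;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';

        if (strstr(line, LOCKDEP_MARKER)) {
            in_splat = true;
            counted = false;
        } else if (in_splat && !counted) {
            for (int i = 0; NFSD_SYMBOLS[i]; i++) {
                if (strstr(line, NFSD_SYMBOLS[i])) {
                    count++;
                    counted = true;
                    printf("nfsd lock-order report: %s\n", line);
                    break;
                }
            }
        }
        if (!nl)
            break;
        p = nl + 1;
    }
    return count;
}

/* Constructed sample, shaped like a lockdep report but not a real capture:
 * an ordinary nfsd line, one report on the nfsd path, one unrelated report. */
const char SAMPLE_DMESG[] =
    "[  100.000001] nfsd: nfs4_put_stid mentioned on an ordinary line\n"
    "[  120.000001] ======================================================\n"
    "[  120.000002] WARNING: possible circular locking dependency detected\n"
    "[  120.000003] ------------------------------------------------------\n"
    "[  120.000004] nfsd/1234 is trying to acquire lock:\n"
    "[  120.000005] ffff000000000001 (&clp->cl_lock){+.+.}-{2:2}, at: nfs4_put_stid+0x0/0x0\n"
    "[  120.000006] but task is already holding lock:\n"
    "[  120.000007] ffff000000000002 (&ctx->flc_lock){+.+.}-{2:2}, at: __break_lease+0x0/0x0\n"
    "[  130.000001] ======================================================\n"
    "[  130.000002] WARNING: possible circular locking dependency detected\n"
    "[  130.000003] ------------------------------------------------------\n"
    "[  130.000004] kworker/0:1/42 is trying to acquire lock:\n"
    "[  130.000005] ffff000000000003 (&example_lock_a){+.+.}-{2:2}, at: example_fn_a+0x0/0x0\n"
    "[  130.000006] but task is already holding lock:\n"
    "[  130.000007] ffff000000000004 (&example_lock_b){+.+.}-{2:2}, at: example_fn_b+0x0/0x0\n";

int main(void)
{
    printf("nfsd lock-order reports: %d\n", count_nfsd_lockdep_splats(SAMPLE_DMESG));
    return 0;
}
```

On a live system the same function can be fed the output of dmesg or the journal; a non-zero count is a signal that a host is hitting the lock-order conflict described in the advisory and should be scheduled for the kernel update.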


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-04-16T04:51:23.959Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9818c4522896dcbd7d44

Added to database: 5/21/2025, 9:08:40 AM

Last enriched: 7/4/2025, 12:43:16 AM

Last updated: 7/30/2025, 10:50:32 PM
