cve/published/2025/CVE-2025-37871.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: decrease sc_count directly if fail to queue dl_recall\n\nA deadlock warning occurred when invoking nfs4_put_stid following a failed\ndl_recall queue operation:\n            T1                            T2\n                                nfs4_laundromat\n                                 nfs4_get_client_reaplist\n                                  nfs4_anylock_blockers\n__break_lease\n spin_lock // ctx->flc_lock\n                                   spin_lock // clp->cl_lock\n                                   nfs4_lockowner_has_blockers\n                                    locks_owner_has_blockers\n                                     spin_lock // flctx->flc_lock\n nfsd_break_deleg_cb\n  nfsd_break_one_deleg\n   nfs4_put_stid\n    refcount_dec_and_lock\n     spin_lock // clp->cl_lock\n\nWhen a file is opened, an nfs4_delegation is allocated with sc_count\ninitialized to 1, and the file_lease holds a reference to the delegation.\nThe file_lease is then associated with the file through kernel_setlease.\n\nThe disassociation is performed in nfsd4_delegreturn via the following\ncall chain:\nnfsd4_delegreturn --> destroy_delegation --> destroy_unhashed_deleg -->\nnfs4_unlock_deleg_lease --> kernel_setlease --> generic_delete_lease\nThe corresponding sc_count reference will be released after this\ndisassociation.\n\nSince nfsd_break_one_deleg executes while holding the flc_lock, the\ndisassociation process becomes blocked when attempting to acquire flc_lock\nin generic_delete_lease. This means:\n1) sc_count in nfsd_break_one_deleg will not be decremented to 0;\n2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to\nacquire cl_lock;\n3) Consequently, no deadlock condition is created.\n\nGiven that sc_count in nfsd_break_one_deleg remains non-zero, we can\nsafely perform refcount_dec on sc_count directly. This approach\neffectively avoids triggering deadlock warnings."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "fs/nfsd/nfs4state.c"
                ],
                "versions": [
                   {
                      "version": "b874cdef4e67e5150e07eff0eae1cbb21fb92da1",
                      "lessThan": "b9bbe8f9d5663311d06667ce36d6ed255ead1a26",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "cdb796137c57e68ca34518d53be53b679351eb86",
                      "lessThan": "a70832d3555987035fc430ccd703acd89393eadb",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "d96587cc93ec369031bcd7658c6adc719873c9fd",
                      "lessThan": "ba903539fff745d592d893c71b30e5e268a95413",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "9a81cde8c7ce65dd90fb47ceea93a45fc1a2fbd1",
                      "lessThan": "7d192e27a431026c58d60edf66dc6cd98d0c01fc",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "cad3479b63661a399c9df1d0b759e1806e2df3c8",
                      "lessThan": "a7fce086f6ca84db409b9d58493ea77c1978897c",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "133f5e2a37ce08c82d24e8fba65e0a81deae4609",
                      "lessThan": "14985d66b9b99c12995dd99d1c6c8dec4114c2a5",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "230ca758453c63bd38e4d9f4a21db698f7abada8",
                      "lessThan": "a1d14d931bf700c1025db8c46d6731aa5cf440f9",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "63b91c8ff4589f5263873b24c052447a28e10ef7",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "fs/nfsd/nfs4state.c"
                ],
                "versions": [
                   {
                      "version": "5.10.236",
                      "lessThan": "5.10.237",
                      "status": "affected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.15.180",
                      "lessThan": "5.15.181",
                      "status": "affected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.1.134",
                      "lessThan": "6.1.135",
                      "status": "affected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.6.87",
                      "lessThan": "6.6.88",
                      "status": "affected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.12.23",
                      "lessThan": "6.12.25",
                      "status": "affected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.14.2",
                      "lessThan": "6.14.4",
                      "status": "affected",
                      "versionType": "semver"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.10.236",
                            "versionEndExcluding": "5.10.237"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.15.180",
                            "versionEndExcluding": "5.15.181"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.1.134",
                            "versionEndExcluding": "6.1.135"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.6.87",
                            "versionEndExcluding": "6.6.88"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.12.23",
                            "versionEndExcluding": "6.12.25"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.14.2",
                            "versionEndExcluding": "6.14.4"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.13.11"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/b9bbe8f9d5663311d06667ce36d6ed255ead1a26"
             },
             {
                "url": "https://git.kernel.org/stable/c/a70832d3555987035fc430ccd703acd89393eadb"
             },
             {
                "url": "https://git.kernel.org/stable/c/ba903539fff745d592d893c71b30e5e268a95413"
             },
             {
                "url": "https://git.kernel.org/stable/c/7d192e27a431026c58d60edf66dc6cd98d0c01fc"
             },
             {
                "url": "https://git.kernel.org/stable/c/a7fce086f6ca84db409b9d58493ea77c1978897c"
             },
             {
                "url": "https://git.kernel.org/stable/c/14985d66b9b99c12995dd99d1c6c8dec4114c2a5"
             },
             {
                "url": "https://git.kernel.org/stable/c/a1d14d931bf700c1025db8c46d6731aa5cf440f9"
             }
          ],
          "title": "nfsd: decrease sc_count directly if fail to queue dl_recall",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2025-37871",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: decrease sc_count directly if fail to queue dl_recall\n\nA deadlock warning occurred when invoking nfs4_put_stid following a failed\ndl_recall queue operation:\n T1 T2\n nfs4_laundromat\n nfs4_get_client_reaplist\n nfs4_anylock_blockers\n__break_lease\n spin_lock // ctx->flc_lock\n spin_lock // clp->cl_lock\n nfs4_lockowner_has_blockers\n locks_owner_has_blockers\n spin_lock // flctx->flc_lock\n nfsd_break_deleg_cb\n nfsd_break_one_deleg\n nfs4_put_stid\n refcount_dec_and_lock\n spin_lock // clp->cl_lock\n\nWhen a file is opened, an nfs4_delegation is allocated with sc_count\ninitialized to 1, and the file_lease holds a reference to the delegation.\nThe file_lease is then associated with the file through kernel_setlease.\n\nThe disassociation is performed in nfsd4_delegreturn via the following\ncall chain:\nnfsd4_delegreturn --> destroy_delegation --> destroy_unhashed_deleg -->\nnfs4_unlock_deleg_lease --> kernel_setlease --> generic_delete_lease\nThe corresponding sc_count reference will be released after this\ndisassociation.\n\nSince nfsd_break_one_deleg executes while holding the flc_lock, the\ndisassociation process becomes blocked when attempting to acquire flc_lock\nin generic_delete_lease. This means:\n1) sc_count in nfsd_break_one_deleg will not be decremented to 0;\n2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to\nacquire cl_lock;\n3) Consequently, no deadlock condition is created.\n\nGiven that sc_count in nfsd_break_one_deleg remains non-zero, we can\nsafely perform refcount_dec on sc_count directly. This approach\neffectively avoids triggering deadlock warnings."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"fs/nfsd/nfs4state.c"
	],
	"versions": [
	{
	"version": "b874cdef4e67e5150e07eff0eae1cbb21fb92da1",
	"lessThan": "b9bbe8f9d5663311d06667ce36d6ed255ead1a26",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "cdb796137c57e68ca34518d53be53b679351eb86",
	"lessThan": "a70832d3555987035fc430ccd703acd89393eadb",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "d96587cc93ec369031bcd7658c6adc719873c9fd",
	"lessThan": "ba903539fff745d592d893c71b30e5e268a95413",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "9a81cde8c7ce65dd90fb47ceea93a45fc1a2fbd1",
	"lessThan": "7d192e27a431026c58d60edf66dc6cd98d0c01fc",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "cad3479b63661a399c9df1d0b759e1806e2df3c8",
	"lessThan": "a7fce086f6ca84db409b9d58493ea77c1978897c",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "133f5e2a37ce08c82d24e8fba65e0a81deae4609",
	"lessThan": "14985d66b9b99c12995dd99d1c6c8dec4114c2a5",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "230ca758453c63bd38e4d9f4a21db698f7abada8",
	"lessThan": "a1d14d931bf700c1025db8c46d6731aa5cf440f9",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "63b91c8ff4589f5263873b24c052447a28e10ef7",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"fs/nfsd/nfs4state.c"
	],
	"versions": [
	{
	"version": "5.10.236",
	"lessThan": "5.10.237",
	"status": "affected",
	"versionType": "semver"
	},
	{
	"version": "5.15.180",
	"lessThan": "5.15.181",
	"status": "affected",
	"versionType": "semver"
	},
	{
	"version": "6.1.134",
	"lessThan": "6.1.135",
	"status": "affected",
	"versionType": "semver"
	},
	{
	"version": "6.6.87",
	"lessThan": "6.6.88",
	"status": "affected",
	"versionType": "semver"
	},
	{
	"version": "6.12.23",
	"lessThan": "6.12.25",
	"status": "affected",
	"versionType": "semver"
	},
	{
	"version": "6.14.2",
	"lessThan": "6.14.4",
	"status": "affected",
	"versionType": "semver"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.10.236",
	"versionEndExcluding": "5.10.237"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.15.180",
	"versionEndExcluding": "5.15.181"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.1.134",
	"versionEndExcluding": "6.1.135"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.6.87",
	"versionEndExcluding": "6.6.88"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.12.23",
	"versionEndExcluding": "6.12.25"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.14.2",
	"versionEndExcluding": "6.14.4"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.13.11"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/b9bbe8f9d5663311d06667ce36d6ed255ead1a26"
	},
	{
	"url": "https://git.kernel.org/stable/c/a70832d3555987035fc430ccd703acd89393eadb"
	},
	{
	"url": "https://git.kernel.org/stable/c/ba903539fff745d592d893c71b30e5e268a95413"
	},
	{
	"url": "https://git.kernel.org/stable/c/7d192e27a431026c58d60edf66dc6cd98d0c01fc"
	},
	{
	"url": "https://git.kernel.org/stable/c/a7fce086f6ca84db409b9d58493ea77c1978897c"
	},
	{
	"url": "https://git.kernel.org/stable/c/14985d66b9b99c12995dd99d1c6c8dec4114c2a5"
	},
	{
	"url": "https://git.kernel.org/stable/c/a1d14d931bf700c1025db8c46d6731aa5cf440f9"
	}
	],
	"title": "nfsd: decrease sc_count directly if fail to queue dl_recall",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2025-37871",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}