Message-ID: <2025072508-CVE-2025-38393-f2e8@gregkh>
Date: Fri, 25 Jul 2025 14:55:24 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38393: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========

In the Linux kernel, the following vulnerability has been resolved:

NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN

We found a few different systems hung up in writeback waiting on the same
page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in
pnfs_update_layout(), however the pnfs_layout_hdr's plh_outstanding count
was zero.

It seems most likely that this is another race between the waiter and waker
similar to commit ed0172af5d6f ("SUNRPC: Fix a race to wake a sync task").
Fix it up by applying the advised barrier.

The Linux kernel CVE team has assigned CVE-2025-38393 to this issue.

Affected and fixed versions
===========================
Issue introduced in 5.10.124 with commit 8acc3e228e1c90bd410f73597a4549e0409f22d6 and fixed in 5.10.240 with commit 08287df60bac5b008b6bcdb03053988335d3d282
Issue introduced in 5.15.49 with commit ec23a86e060cbe30b62eb2955adc97c92d80cc4c and fixed in 5.15.187 with commit 8846fd02c98da8b79e6343a20e6071be6f372180
Issue introduced in 5.19 with commit 880265c77ac415090090d1fe72a188fee71cb458 and fixed in 6.1.144 with commit e4b13885e7ef1e64e45268feef1e5f0707c47e72
Issue introduced in 5.19 with commit 880265c77ac415090090d1fe72a188fee71cb458 and fixed in 6.6.97 with commit 8ca65fa71024a1767a59ffbc6a6e2278af84735e
Issue introduced in 5.19 with commit 880265c77ac415090090d1fe72a188fee71cb458 and fixed in 6.12.37 with commit 864a54c1243ed3ca60baa4bc492dede1361f4c83
Issue introduced in 5.19 with commit 880265c77ac415090090d1fe72a188fee71cb458 and fixed in 6.15.6 with commit 1f4da20080718f258e189a2c5f515385fa393da6
Issue introduced in 5.19 with commit 880265c77ac415090090d1fe72a188fee71cb458 and fixed in 6.16-rc5 with commit c01776287414ca43412d1319d2877cbad65444ac
Issue introduced in 5.18.6 with commit f133819e24e78f3aaaa00e9fa2b816d5f73fd172
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-38393
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

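As an added example (not part of the advisory and not kernel project code), the version ranges listed in this section can be checked against a `uname -r` style string. It compares upstream version numbers only and assumes no vendor backports, so a distribution kernel may already carry the fix under an older number; the names `BRANCHES`, `MAINLINE`, `parse_release` and `is_affected` are illustrative.

```python
import re

RELEASE = 999  # sorts a final release after any -rcN of the same version

# Stable branches named in the advisory: (first affected, first fixed).
# None as the fix means the advisory lists no fixed release for that branch.
BRANCHES = {
    (5, 10): ((5, 10, 124, RELEASE), (5, 10, 240, RELEASE)),
    (5, 15): ((5, 15, 49, RELEASE), (5, 15, 187, RELEASE)),
    (5, 18): ((5, 18, 6, RELEASE), None),
    (6, 1): ((5, 19, 0, RELEASE), (6, 1, 144, RELEASE)),
    (6, 6): ((5, 19, 0, RELEASE), (6, 6, 97, RELEASE)),
    (6, 12): ((5, 19, 0, RELEASE), (6, 12, 37, RELEASE)),
    (6, 15): ((5, 19, 0, RELEASE), (6, 15, 6, RELEASE)),
}
# Every other branch is judged against mainline: 5.19 up to 6.16-rc5.
MAINLINE = ((5, 19, 0, RELEASE), (6, 16, 0, 5))


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch, rc)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0),
            int(rc) if rc else RELEASE)


def is_affected(release):
    """True if the upstream version is in a range the advisory lists."""
    v = parse_release(release)
    introduced, fixed = BRANCHES.get(v[:2], MAINLINE)
    if v < introduced:
        return False
    # Assumption: no vendor backport; only the upstream number is compared.
    return fixed is None or v < fixed


if __name__ == "__main__":
    import platform
    rel = platform.release()
    print(rel, "affected" if is_affected(rel) else "not in an affected range")
```
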
Affected files
==============

The file(s) affected by this issue are:
fs/nfs/pnfs.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/08287df60bac5b008b6bcdb03053988335d3d282
https://git.kernel.org/stable/c/8846fd02c98da8b79e6343a20e6071be6f372180
https://git.kernel.org/stable/c/e4b13885e7ef1e64e45268feef1e5f0707c47e72
https://git.kernel.org/stable/c/8ca65fa71024a1767a59ffbc6a6e2278af84735e
https://git.kernel.org/stable/c/864a54c1243ed3ca60baa4bc492dede1361f4c83
https://git.kernel.org/stable/c/1f4da20080718f258e189a2c5f515385fa393da6
https://git.kernel.org/stable/c/c01776287414ca43412d1319d2877cbad65444ac