Acknowledged
Created: Jul 7, 2025
Updated: Jul 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]nfsd: Initialize ssc before laundromat_work to prevent NULL dereference[EOL][EOL]In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through[EOL]nfs4_laundromat -> nfsd4_ssc_expire_umount. If nfsd_ssc isn't initialized,[EOL]this can cause NULL pointer dereference.[EOL][EOL]Normally the delayed start of laundromat_work allows sufficient time for[EOL]nfsd_ssc initialization to complete. However, when the kernel waits too[EOL]long for userspace responses (e.g. in nfs4_state_start_net ->[EOL]nfsd4_end_grace -> nfsd4_record_grace_done -> nfsd4_cld_grace_done ->[EOL]cld_pipe_upcall -> __cld_pipe_upcall -> wait_for_completion path), the[EOL]delayed work may start before nfsd_ssc initialization finishes.[EOL][EOL]Fix this by moving nfsd_ssc initialization before starting laundromat_work.
CREATE(Triage):(User=admin) [CVE-2025-38231 (https://nvd.nist.gov/vuln/detail/CVE-2025-38231)
