Acknowledged
Created: Sep 4, 2025
Updated: Sep 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()[EOL][EOL]Lei Lu recently reported that nfsd4_setclientid_confirm() did not check[EOL]the return value from get_client_locked(). a SETCLIENTID_CONFIRM could[EOL]race with a confirmed client expiring and fail to get a reference. That[EOL]could later lead to a UAF.[EOL][EOL]Fix this by getting a reference early in the case where there is an[EOL]extant confirmed client. If that fails then treat it as if there were no[EOL]confirmed client found at all.[EOL][EOL]In the case where the unconfirmed client is expiring, just fail and[EOL]return the result from get_client_locked().
CREATE(Triage):(User=admin) [CVE-2025-38724 (https://nvd.nist.gov/vuln/detail/CVE-2025-38724)
