CVE-2025-21795
📋 TL;DR
A denial-of-service vulnerability in the Linux kernel's NFS server (nfsd) causes a 15-minute hang when shutting down callback connections for clients in 'courtesy state'. This affects systems running NFSv4 with callback functionality enabled, potentially causing service disruption.
💻 Affected Systems
- Linux kernel NFS server (nfsd)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
NFS server becomes unresponsive for 15 minutes per affected connection, potentially disrupting file access for multiple clients and causing cascading application failures.
Likely Case
Temporary NFS service disruption during client disconnection scenarios, with automatic recovery after TCP timeout (15 minutes).
If Mitigated
Minimal impact with proper network segmentation and monitoring; service resumes normally after timeout.
🎯 Exploit Status
Requires ability to establish NFSv4 callback connections and trigger shutdown scenarios. Likely requires client access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 036ac2778f7b28885814c6fbc07e156ad1624d03, 23ad7797c74cd8f7f90617f1e59a8703e2b43908, 38d345f612503b850c2973e5a879f88e441b34d7, abed68027ea3ab893ac85cc46a00e2e64a324239, cedfbb92cf97a6bff3d25633001d9c44442ee854
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify nfsd service restarts properly.
🔧 Temporary Workarounds
Disable NFSv4 callbacks
Linux: Disable callback functionality to prevent the vulnerability from being triggered
Add 'noacl' or 'nfsvers=3' to NFS mount options
Configure NFS server to not use callbacks
Reduce TCP timeout
Linux: Reduce TCP connection timeout to shorten hang duration
sysctl -w net.ipv4.tcp_keepalive_time=300
sysctl -w net.ipv4.tcp_keepalive_intvl=30
sysctl -w net.ipv4.tcp_keepalive_probes=3
🧯 If You Can't Patch
- Implement network segmentation to isolate NFS servers from untrusted clients
- Monitor NFS server logs for connection hangs and restart service if detected
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if it contains vulnerable nfsd4_shutdown_callback code. Use: 'uname -r' and compare with patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits. Test NFSv4 callback shutdown scenarios to ensure no hangs occur.
📡 Detection & Monitoring
Log Indicators:
- NFS server logs showing callback connection hangs
- TCP timeout messages related to NFS connections
- Extended nfsd process states
Network Indicators:
- Stalled NFSv4 callback connections
- TCP connections in CLOSE_WAIT state for extended periods
SIEM Query:
source="nfsd.log" AND ("callback" AND ("hang" OR "timeout"))
🔗 References
- https://git.kernel.org/stable/c/036ac2778f7b28885814c6fbc07e156ad1624d03
- https://git.kernel.org/stable/c/23ad7797c74cd8f7f90617f1e59a8703e2b43908
- https://git.kernel.org/stable/c/38d345f612503b850c2973e5a879f88e441b34d7
- https://git.kernel.org/stable/c/abed68027ea3ab893ac85cc46a00e2e64a324239
- https://git.kernel.org/stable/c/cedfbb92cf97a6bff3d25633001d9c44442ee854
- https://git.kernel.org/stable/c/e88d2451cd42e025465d6b51fd716a47b0b3800d
- https://git.kernel.org/stable/c/efa8a261c575f816c7e79a87aeb3ef8a0bd6b221
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html