CVE-2025-22026 – This CVE-2025-22026 is a Linux kernel vulnerabi... (How to Fix)

Q: What is the severity of CVE-2025-22026?

CVE-2025-22026 has a CVSS score of 5.5 (MEDIUM). This CVE-2025-22026 is a Linux kernel vulnerability in the NFS server (nfsd) where error handling is missing when creating procfs entries. If svc_proc_register() fails during NFS server initialization, the kernel will trigger a warning later when trying to remove the non-existent entry. This affects systems running NFS server services on vulnerable Linux kernel versions.

📋 TL;DR

This CVE-2025-22026 is a Linux kernel vulnerability in the NFS server (nfsd) where error handling is missing when creating procfs entries. If svc_proc_register() fails during NFS server initialization, the kernel will trigger a warning later when trying to remove the non-existent entry. This affects systems running NFS server services on vulnerable Linux kernel versions.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific vulnerable versions not explicitly stated in CVE, but patches exist in stable kernel trees from commits listed in references.

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only affects systems with NFS server (nfsd) enabled and running. Many systems don't run NFS server by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel warning/panic leading to system instability or crash, potentially disrupting NFS services and affecting dependent systems.

🟠

Likely Case

Kernel warning messages in logs during NFS server initialization or shutdown, possibly causing service startup failures.

🟢

If Mitigated

Minor logging noise with no functional impact if the failure condition doesn't occur.

🌐 Internet-Facing: LOW - NFS servers typically shouldn't be directly internet-facing due to protocol security concerns.

🏢 Internal Only: MEDIUM - Affects internal NFS servers that provide file sharing services to other systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: HIGH - Requires specific conditions where procfs entry creation fails during NFS server initialization.

This is a reliability/error handling bug rather than a traditional security vulnerability. Exploitation requires triggering the specific failure condition in svc_proc_register().

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in Linux kernel stable trees (commits: 30405b23b4d5e2a596fb756d48119d7293194e75, 6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0, 930b64ca0c511521f0abdd1d57ce52b2a6e3476b, 9d9456185fd5f1891c74354ee297f19538141ead, e31957a819e60cf0bc9a49408765e6095fd3d046)

Vendor Advisory: https://git.kernel.org/stable/c/30405b23b4d5e2a596fb756d48119d7293194e75

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. Check with your distribution vendor for kernel updates. 3. Reboot system after kernel update. 4. Verify NFS server starts without warnings.

🔧 Temporary Workarounds

Disable NFS server

linux

If NFS server functionality is not required, disable it to eliminate the vulnerability.

systemctl stop nfs-server
systemctl disable nfs-server

🧯 If You Can't Patch

Monitor kernel logs for WARN messages related to nfsd or procfs operations
Ensure adequate system resources (memory) to reduce likelihood of allocation failures

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if nfsd is running: 'uname -r' and 'systemctl status nfs-server' or 'ps aux | grep nfsd'

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits, restart nfsd service, monitor dmesg for absence of WARN messages

📡 Detection & Monitoring

Log Indicators:

Kernel WARN messages in dmesg or /var/log/kern.log related to nfsd, procfs, or svc_proc_register

Network Indicators:

NFS service startup failures or instability

SIEM Query:

source="kernel" AND ("WARN" OR "warning") AND ("nfsd" OR "proc_register" OR "svc_proc")

📊 Metadata

CVE ID: CVE-2025-22026

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-252

EPSS Score: 0.07% exploit probability (20th percentile)

Published: April 16, 2025

Last Updated: February 19, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-22026, you might also want to check these: