CVE-2025-38338
📋 TL;DR
A double-unlock bug in the Linux kernel's NFS client can cause deadlocks when files are read while being truncated by another NFS client. This affects Linux systems using NFS with fscache enabled, potentially causing system hangs and denial of service.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
System deadlock requiring hard reboot, causing extended downtime and data corruption in NFS-mounted filesystems.
Likely Case
Process hangs and denial of service for NFS operations, with occasional kernel warnings in system logs.
If Mitigated
Minor performance impact with proper patching and monitoring.
🎯 Exploit Status
Exploitation requires specific timing conditions and NFS access. More likely to occur accidentally than be weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (commits: 14f5549ad163be2c018abc1bb38370fff617a243, 1e93b61d3eaa14bfebcc2716ac09d43f3845d420, 4c10fa44bc5f700e2ea21de2fbae520ba21f19d9, 5bf0b9eeb0174686f22c2e5b8fb9f47ad25da6f5)
Vendor Advisory: https://git.kernel.org/stable/c/14f5549ad163be2c018abc1bb38370fff617a243
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify that the kernel version matches the patched release.
🔧 Temporary Workarounds
Disable fscache for NFS
Temporarily disable filesystem cache for NFS mounts to avoid the double-unlock condition.
mount -o remount,nofsc /path/to/nfs/mount
Monitor for deadlocks
Implement monitoring for hung NFS processes and kernel warnings.
grep -i 'folio.*not locked\|deadlock\|PG_locked' /var/log/kern.log
🧯 If You Can't Patch
- Implement strict NFS access controls to limit concurrent file access
- Monitor system logs for warning messages and restart affected services when detected
🔍 How to Verify
Check if Vulnerable:
Check kernel version and NFS configuration. Vulnerable if using affected kernel with NFS fscache enabled.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version matches patched release and monitor for absence of 'folio not locked' warnings in kernel logs.
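The NFS configuration check described above can be scripted. This is an added example, not part of the original advisory or the kernel project. The function names and sample data are hypothetical, and it assumes an fscache-enabled NFS mount lists the fsc option in /proc/mounts.

```shell
#!/bin/sh
# Added example. Function names and sample data are hypothetical.
# Assumption: an fscache-enabled NFS mount lists "fsc" in its option field.

# Constructed sample in /proc/mounts format (device mountpoint fstype options dump pass).
sample_mounts() {
    cat <<'EOF'
server1:/export/home /home nfs4 rw,relatime,vers=4.2,fsc,proto=tcp 0 0
server1:/export/data /data nfs4 rw,relatime,vers=4.2,proto=tcp 0 0
server2:/srv/build /mnt/build nfs rw,vers=3,nofsc,proto=tcp 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
}

# nfs_fsc_mounts [FILE|-]: print the mount point of every NFS mount using fscache.
# Options are compared whole, so "nofsc" is not mistaken for "fsc".
nfs_fsc_mounts() {
    awk '
        $3 == "nfs" || $3 == "nfs4" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "fsc") { print $2; break }
        }
    ' "${1:-/proc/mounts}"
}

# count_lock_warnings [FILE]: count log lines matching the advisory's indicators.
count_lock_warnings() {
    grep -Eci 'folio.*not locked|deadlock|PG_locked' "${1:-/var/log/kern.log}" || true
}

# Demo on the constructed sample; prints "/home".
sample_mounts | nfs_fsc_mounts -
```

On a live host, call nfs_fsc_mounts with no argument to read /proc/mounts; an empty result means no NFS mount currently has fscache enabled.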
📡 Detection & Monitoring
Log Indicators:
- WARNING: folio is not locked
- deadlock detected in nfs operations
- PG_locked warnings in kernel logs
Network Indicators:
- Increased NFS timeout errors
- Hung NFS file operations
SIEM Query:
source="kernel" AND ("folio not locked" OR "PG_locked" OR "nfs deadlock")