CVE-2025-38400
📋 TL;DR
This CVE describes a cleanup issue in the Linux kernel's NFS client where if nfs_fs_proc_net_init() fails during network namespace creation, the /proc/net/rpc/nfs directory is not properly removed. This leads to a kernel warning when rpc_proc_exit() later tries to remove the parent directory. The vulnerability affects Linux systems using NFS with network namespace functionality.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system instability if the warning triggers during critical operations, potentially causing denial of service.
Likely Case
Kernel warning messages in system logs during network namespace operations, with no direct security compromise.
If Mitigated
Minor system log pollution with warning messages, no functional impact.
🎯 Exploit Status
Exploitation requires triggering specific failure conditions in nfs_fs_proc_net_init() during network namespace creation, which is complex and unlikely in normal operation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits referenced in CVE)
Vendor Advisory: https://git.kernel.org/stable/c/3c94212b57bedec3a386ef3da1ef00602f5c3d1d
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from official kernel.org or distribution vendor. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable NFS client
linuxRemove NFS client functionality if not needed
modprobe -r nfs
echo 'blacklist nfs' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Monitor system logs for warning messages about 'removing non-empty directory'
- Avoid unnecessary network namespace operations and unshare() system calls
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if NFS modules are loaded: lsmod | grep nfs && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated beyond patched commits and check /proc/net/rpc/nfs exists only when NFS is properly initialized📡 Detection & Monitoring
Log Indicators:
- Kernel warning: 'remove_proc_entry: removing non-empty directory 'net/rpc', leaking at least 'nfs'
- FAULT_INJECTION messages in kernel logs
Network Indicators:
- None specific - this is a local kernel issue
SIEM Query:
source="kernel" AND "removing non-empty directory" AND "net/rpc"🔗 References
- https://git.kernel.org/stable/c/3c94212b57bedec3a386ef3da1ef00602f5c3d1d
- https://git.kernel.org/stable/c/412534a1fb76958b88dca48360c6f3ad4f3390f4
- https://git.kernel.org/stable/c/6acf340f8c1d296bcf535986175f5d0d6f2aab09
- https://git.kernel.org/stable/c/7701c245ff1ac1a126bf431e72b24547519046ff
- https://git.kernel.org/stable/c/8785701fd7cd52ae74c0d2b35b82568df74e9dbb
- https://git.kernel.org/stable/c/b92397ce96743e4cc090207e2df2a856cb4cef08
- https://git.kernel.org/stable/c/d0877c479f44fe475f4c8c02c88ce9ad43e90298
- https://git.kernel.org/stable/c/e8d6f3ab59468e230f3253efe5cb63efa35289f7
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
