CVE-2025-38567
📋 TL;DR
A race condition in the Linux kernel's NFS server (nfsd) can cause a reference count leak when multiple processes attempt to open local file handles simultaneously. This leads to a memory leak that prevents the NFS server from shutting down cleanly, causing system hangs during shutdown. Only systems running the Linux kernel with NFS server enabled are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System becomes unresponsive during shutdown/reboot, requiring hard reset which could lead to filesystem corruption or data loss.
Likely Case
NFS server shutdown hangs indefinitely, requiring manual intervention to restart the system.
If Mitigated
No security impact, only availability impact during controlled shutdown scenarios.
🎯 Exploit Status
Requires race condition timing and local access to trigger. Not a security vulnerability but a reliability issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits c4bf8f26c51e51bbb840935659a7b3b65a802c07, e5a73150776f18547ee685c9f6bfafe549714899, or fcb0a417fddb605530c4837e0996620f8ed38023
Vendor Advisory: https://git.kernel.org/stable/c/c4bf8f26c51e51bbb840935659a7b3b65a802c07
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable NFS server
allIf NFS server functionality is not required, disable it to eliminate vulnerability.
systemctl stop nfs-server
systemctl disable nfs-server
🧯 If You Can't Patch
- Avoid shutting down NFS server while active connections exist
- Use graceful shutdown procedures and monitor for hanging processes
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if NFS server is running: 'systemctl status nfs-server' and 'uname -r'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and test NFS server shutdown: 'systemctl stop nfs-server' should complete without hanging📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing nfsd shutdown hanging
- System logs showing extended shutdown times
Network Indicators:
- NFS server failing to stop cleanly
SIEM Query:
source="kernel" AND "nfsd" AND ("shutdown" OR "hang")