CVE-2025-38691

5.5 MEDIUM

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's pNFS block/scsi layout code where uninitialized pointers in the 'layoutupdate_pages' array can be dereferenced during extent encoding retries. This affects Linux systems using pNFS with block or scsi layouts. The vulnerability can lead to kernel crashes or potential privilege escalation.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE description, but patches are available in stable kernel trees.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using pNFS with block or scsi layout drivers. Systems not using pNFS or using other layout types are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash, or potential privilege escalation to kernel mode if combined with other vulnerabilities.

🟠 Likely Case: Kernel crash or system instability when pNFS operations encounter many extents without preallocation.

🟢 If Mitigated: System remains stable with proper patching or workarounds in place.

🌐 Internet-Facing: LOW - pNFS is typically used in internal storage networks, not directly internet-facing.
🏢 Internal Only: MEDIUM - Affects internal storage infrastructure using pNFS with block/scsi layouts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to trigger pNFS operations with specific extent patterns. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (see references for specific commits)

Vendor Advisory: https://git.kernel.org/stable/c/24334f3cf8a294f253071b5bf22d754dbb6d0f2d

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution's repository.
2. Reboot the system to load the new kernel.
3. Verify the fix is applied by checking kernel version.

🔧 Temporary Workarounds

Disable pNFS block/scsi layouts

Linux

Temporarily disable pNFS block and scsi layout usage if not required

echo 0 > /sys/module/nfs/parameters/enable_legacy_disk
echo 0 > /sys/module/nfs/parameters/enable_scsi

🧯 If You Can't Patch

  • Avoid writing large files without preallocation on pNFS mounts
  • Monitor system logs for kernel panic or oops messages related to pNFS operations

🔍 How to Verify

Check if Vulnerable:

Check whether the system uses pNFS with block/scsi layouts and runs an unpatched kernel. Run: cat /proc/version | grep -E '4\.|5\.|6\.' to check kernel version.
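
The first half of that check, whether any mount actually uses a block or scsi layout, can be read from the NFS client's own statistics. The script below is an added example, not part of the original advisory or the kernel project. It assumes the nfsv4: line in /proc/self/mountstats carries a pnfs=<driver name> field, that the block and scsi drivers report LAYOUT_BLOCK_VOLUME and LAYOUT_SCSI, and that the layout driver module is named blocklayoutdriver; the sample data and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: is this host actually using pNFS block/SCSI layouts?
# Assumptions: the "nfsv4:" line in mountstats carries pnfs=<driver name>, the
# block and SCSI drivers report LAYOUT_BLOCK_VOLUME / LAYOUT_SCSI, and the
# layout driver module is named blocklayoutdriver.

# Print "<mountpoint> <layout>" for every mount using a block or SCSI layout.
pnfs_block_mounts() {
    awk '
        $1 == "device" && $3 == "mounted" && $4 == "on" { mp = $5; next }
        /nfsv4:/ && match($0, /pnfs=[^,]*/) {
            layout = substr($0, RSTART + 5, RLENGTH - 5)
            if (layout == "LAYOUT_BLOCK_VOLUME" || layout == "LAYOUT_SCSI")
                print mp, layout
        }
    ' "$1"
}

# Classify exposure from a mountstats file ($1) and a modules list ($2).
exposure() {
    if [ -n "$(pnfs_block_mounts "$1")" ]; then
        echo "in-use"          # affected code path is live on a mount
    elif grep -q '^blocklayoutdriver ' "$2"; then
        echo "loaded-idle"     # driver present, no mount currently uses it
    else
        echo "not-exposed"
    fi
}

# Constructed sample input (not captured from a real system).
sample_mountstats() {
    cat <<'EOF'
device 192.0.2.10:/home mounted on /mnt/home with fstype nfs4 statvers=1.1
    nfsv4:  bm0=0xfdffbfff,bm1=0x40f9be3e,bm2=0x803,acl=0x3,sessions,pnfs=LAYOUT_NFSV4_1_FILES
device 192.0.2.20:/vol mounted on /mnt/pnfs with fstype nfs4 statvers=1.1
    nfsv4:  bm0=0xfdffbfff,bm1=0x40f9be3e,bm2=0x803,acl=0x3,sessions,pnfs=LAYOUT_BLOCK_VOLUME
EOF
}

# On a live Linux host, report the real state.
if [ -r /proc/self/mountstats ] && [ -r /proc/modules ]; then
    echo "pNFS block/scsi exposure: $(exposure /proc/self/mountstats /proc/modules)"
fi
```

A result other than not-exposed only establishes that the affected code path is reachable; the running kernel still has to be compared against your distribution's fixed package.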

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update and check that pNFS operations complete without errors. Monitor dmesg for pNFS-related errors.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in dmesg
  • System crashes during file operations on pNFS mounts
  • pNFS-related error messages in system logs

Network Indicators:

  • Unusual NFS traffic patterns
  • Failed NFS operations

SIEM Query:

source="kernel" AND ("pNFS" OR "layoutupdate" OR "ext_tree") AND ("panic" OR "oops" OR "BUG")

🔗 References
