CVE-2025-38724

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's NFS server (nfsd) allows attackers to potentially crash the kernel or execute arbitrary code. This affects Linux systems running NFS services with specific kernel versions. The vulnerability occurs when a race condition between client expiration and SETCLIENTID_CONFIRM operations leads to improper reference handling.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected kernel versions referenced in the git commits (22f45cedf281e6171817c8a3432c44d788c550e1, 36e83eda90e0e4ac52f259f775b40b2841f8a0a3, 3f252a73e81aa01660cb426735eab932e6182e8d, 571a5e46c71490285d2d8c06f6b5a7cbf6c7edd1, 74ad36ed60df561a303a19ecef400c7096b20306)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with NFS server (nfsd) enabled and running. The vulnerability is in the NFSv4 protocol implementation.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution.

🟠 Likely Case: Kernel crash causing denial of service on affected NFS servers.

🟢 If Mitigated: No impact if NFS services are disabled or proper kernel patches are applied.

🌐 Internet-Facing: MEDIUM - NFS servers exposed to untrusted networks could be targeted, but exploitation requires specific race conditions.
🏢 Internal Only: LOW - Internal attackers would need NFS access and specific timing to exploit.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires race condition timing and NFS client access.

Exploitation requires an attacker to have NFS client access and trigger specific timing conditions between client expiration and SETCLIENTID_CONFIRM operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the referenced git commits

Vendor Advisory: https://git.kernel.org/stable/c/22f45cedf281e6171817c8a3432c44d788c550e1

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution.
2. Check that the running kernel version contains the referenced fix commits.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable NFS server

linux

Stop and disable nfsd services to eliminate attack surface

systemctl stop nfs-server
systemctl disable nfs-server

Restrict NFS access

linux

Limit NFSv4 access (TCP port 2049) to trusted networks only using firewall rules. Replace trusted_network with the CIDR of the permitted clients; because -A appends, the ACCEPT rule must come before the DROP rule, and both must sit ahead of any broader ACCEPT already present in the INPUT chain.

iptables -A INPUT -p tcp --dport 2049 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -j DROP

🧯 If You Can't Patch

  • Disable NFSv4 protocol and use NFSv3 if possible
  • Implement strict network segmentation to isolate NFS servers from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check whether nfsd is running and whether the kernel version matches the affected commits: systemctl status nfs-server && uname -r (with &&, uname -r runs only when systemctl exits 0, i.e. the unit is active, so a missing kernel version line itself indicates the server is not running).

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and nfsd service is either patched or disabled
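The verification steps above can be scripted. The following is an added example, not part of the advisory: it reports whether nfsd is serving and compares the running kernel against a minimum patched version. The advisory identifies the fix only by git commits, so the minimum version is a placeholder (PATCHED_MIN) that must be filled in from your distribution's advisory; /proc/fs/nfsd/threads and the nfsd kernel thread name are assumed to be available on the host.

```shell
#!/bin/sh
# Added example for CVE-2025-38724 exposure checking; not from the advisory page.

# PLACEHOLDER: the advisory gives the fix as git commits, not a version number.
# Set PATCHED_MIN (e.g. PATCHED_MIN=6.x.y ./check.sh) from your distro's advisory.
PATCHED_MIN="${PATCHED_MIN:-}"

# version_ge RUNNING MIN -> exit 0 when RUNNING >= MIN, comparing major.minor.patch.
# Distribution suffixes such as "-generic" or "-amd64" are stripped first.
version_ge() {
    a=$(printf '%s\n' "$1" | sed 's/[^0-9.].*//').0.0
    b=$(printf '%s\n' "$2" | sed 's/[^0-9.].*//').0.0
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# nfsd_running -> exit 0 when the NFS server is actually serving (thread count > 0).
nfsd_running() {
    # /proc/fs/nfsd/threads holds the nfsd thread count once the server is started.
    if [ -r /proc/fs/nfsd/threads ]; then
        [ "$(cat /proc/fs/nfsd/threads)" -gt 0 ] 2>/dev/null
        return
    fi
    # Fallback when the nfsd filesystem is not mounted: look for kernel nfsd threads.
    pgrep -x nfsd >/dev/null 2>&1
}

# exposure -> prints one word: not-exposed | unknown | patched | vulnerable
exposure() {
    kv=$(uname -r)
    if ! nfsd_running; then
        echo not-exposed            # nothing to reach: nfsd is not serving
    elif [ -z "$PATCHED_MIN" ]; then
        echo unknown                # nfsd serving but no reference version set
    elif version_ge "$kv" "$PATCHED_MIN"; then
        echo patched
    else
        echo vulnerable             # nfsd serving on a kernel below the fix
    fi
}

echo "kernel $(uname -r), nfsd $(nfsd_running && echo running || echo stopped): $(exposure)"
```

A verdict of "patched" is only as good as the PATCHED_MIN you supplied; confirm the version against the fix commits listed in the advisory rather than trusting the number alone.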

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • NFS server crash logs
  • Unexpected nfsd process termination

Network Indicators:

  • Multiple rapid SETCLIENTID_CONFIRM requests from single source
  • Abnormal NFSv4 protocol patterns

SIEM Query:

(source="kernel" AND ("panic" OR "Oops")) OR (source="nfsd" AND "crash")
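To test the query logic above offline before loading it into a SIEM, the following added example (not from the advisory) applies the same grouping, kernel lines mentioning panic or Oops, or nfsd/nfs-server lines mentioning crash, to syslog-style lines with awk. The log lines are constructed samples, not captured output.

```shell
#!/bin/sh
# Added example: offline check of the advisory's SIEM query over syslog-format lines.

# Constructed sample lines in journalctl -o short / syslog layout:
# "Mon DD HH:MM:SS host unit: message" (field 5 is the unit tag).
sample_logs() {
    cat <<'EOF'
Aug 10 12:00:01 nfs1 kernel: nfsd: serving export /srv/share (constructed sample)
Aug 10 12:00:02 nfs1 kernel: Oops: 0000 [#1] SMP (constructed sample)
Aug 10 12:00:03 nfs1 kernel: Kernel panic - not syncing: Fatal exception (constructed sample)
Aug 10 12:00:04 nfs1 nfs-server[1]: nfsd crash: service exited unexpectedly (constructed sample)
Aug 10 12:00:05 nfs1 sshd[123]: Accepted publickey for ops (constructed sample)
Aug 10 12:00:06 nfs1 kernel: usb 1-1: new device (constructed sample)
EOF
}

# match_indicators: reads log lines on stdin, prints those matching
#   (source=kernel AND (panic OR Oops)) OR (source=nfsd AND crash)
match_indicators() {
    awk '
        $5 == "kernel:" && /panic|Oops/        { print; next }
        /nfsd|nfs-server/ && /crash/            { print }
    '
}

# count_indicators: number of sample lines the query would flag.
count_indicators() {
    sample_logs | match_indicators | wc -l | tr -d ' '
}

sample_logs | match_indicators
echo "flagged lines: $(count_indicators)"
```

On a live host the same filter can be fed from the journal, for example `journalctl -o short | match_indicators`; a kernel panic usually leaves no journal entry on the crashed host itself, so this is most useful against forwarded logs or a pstore/kdump capture.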