
    CVE-2025-38232 – Linux NFSd Race Condition Vulnerability

    July 4, 2025

    CVE ID : CVE-2025-38232

    Published : July 4, 2025, 2:15 p.m. | 4 hours, 57 minutes ago

    Description : In the Linux kernel, the following vulnerability has been resolved:

    NFSD: fix race between nfsd registration and exports_proc

    As of now, nfsd calls create_proc_exports_entry() at the start of init_nfsd
    and cleans up with remove_proc_entry() at the end of exit_nfsd.

    This causes a kernel oops if there is a race between the two operations below:
    (i) exportfs -r
    (ii) mount -t nfsd none /proc/fs/nfsd

    For the 5.4 kernel on ARM64:

    CPU 1:
    el1_irq+0xbc/0x180
    arch_counter_get_cntvct+0x14/0x18
    running_clock+0xc/0x18
    preempt_count_add+0x88/0x110
    prep_new_page+0xb0/0x220
    get_page_from_freelist+0x2d8/0x1778
    __alloc_pages_nodemask+0x15c/0xef0
    __vmalloc_node_range+0x28c/0x478
    __vmalloc_node_flags_caller+0x8c/0xb0
    kvmalloc_node+0x88/0xe0
    nfsd_init_net+0x6c/0x108 [nfsd]
    ops_init+0x44/0x170
    register_pernet_operations+0x114/0x270
    register_pernet_subsys+0x34/0x50
    init_nfsd+0xa8/0x718 [nfsd]
    do_one_initcall+0x54/0x2e0

    CPU 2 :
    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010

    PC is at : exports_net_open+0x50/0x68 [nfsd]

    Call trace:
    exports_net_open+0x50/0x68 [nfsd]
    exports_proc_open+0x2c/0x38 [nfsd]
    proc_reg_open+0xb8/0x198
    do_dentry_open+0x1c4/0x418
    vfs_open+0x38/0x48
    path_openat+0x28c/0xf18
    do_filp_open+0x70/0xe8
    do_sys_open+0x154/0x248

    Sometimes it crashes at exports_net_open() and sometimes at cache_seq_next_rcu().

    The same happens on the latest 6.14 kernel as well:

    [ 0.000000] Linux version 6.14.0-rc5-next-20250304-dirty
    …
    [ 285.455918] Unable to handle kernel paging request at virtual address 00001f4800001f48
    …
    [ 285.464902] pc : cache_seq_next_rcu+0x78/0xa4
    …
    [ 285.469695] Call trace:
    [ 285.470083] cache_seq_next_rcu+0x78/0xa4 (P)
    [ 285.470488] seq_read+0xe0/0x11c
    [ 285.470675] proc_reg_read+0x9c/0xf0
    [ 285.470874] vfs_read+0xc4/0x2fc
    [ 285.471057] ksys_read+0x6c/0xf4
    [ 285.471231] __arm64_sys_read+0x1c/0x28
    [ 285.471428] invoke_syscall+0x44/0x100
    [ 285.471633] el0_svc_common.constprop.0+0x40/0xe0
    [ 285.471870] do_el0_svc_compat+0x1c/0x34
    [ 285.472073] el0_svc_compat+0x2c/0x80
    [ 285.472265] el0t_32_sync_handler+0x90/0x140
    [ 285.472473] el0t_32_sync+0x19c/0x1a0
    [ 285.472887] Code: f9400885 93407c23 937d7c27 11000421 (f86378a3)
    [ 285.473422] ---[ end trace 0000000000000000 ]---

    It reproduces simply with the script below:
    while [ 1 ]
    do
    /exportfs -r
    done &

    while [ 1 ]
    do
    insmod /nfsd.ko
    mount -t nfsd none /proc/fs/nfsd
    umount /proc/fs/nfsd
    rmmod nfsd
    done &

    So exporting interfaces to user space should be done last, and their
    cleanup done first.

    With this change there is no kernel oops.

    Severity: 0.0 | NA
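
The ordering rule stated in the description (publish the user-space interface last on load, remove it first on unload), as an added example that is not taken from the kernel patch. It is a single-threaded user-space model in C: every name in it (`publish`, `net_init`, `model_open`, `count_faults` and the rest) is a hypothetical stand-in, and it probes an open after each step to count the windows in which the handler would see uninitialised per-net state.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
struct net_state { int export_cache; };   /* stands in for per-net nfsd data */

static struct net_state  storage;
static struct net_state *state;           /* NULL until per-net init has run */
static int proc_visible;                  /* 1 while the exports entry exists */

enum { OPEN_OK = 0, OPEN_ENOENT = -2, OPEN_OOPS = -14 };

/* What a user-space open() of the exports entry would hit at this instant. */
static int model_open(void)
{
    if (!proc_visible) return OPEN_ENOENT; /* nothing published: harmless */
    if (state == NULL) return OPEN_OOPS;   /* handler would dereference NULL */
    return OPEN_OK;
}

static void publish(void)   { proc_visible = 1; }
static void unpublish(void) { proc_visible = 0; }
static void net_init(void)  { storage.export_cache = 1; state = &storage; }
static void net_exit(void)  { state = NULL; }

/* Run module load and unload in the chosen order, probing open() after every
 * step, i.e. at each point where another CPU could interleave.
 * Returns the number of probes that would have faulted. */
static int count_faults(int fixed_order)
{
    void (*buggy[])(void) = { publish, net_init, net_exit, unpublish };
    void (*fixed[])(void) = { net_init, publish, unpublish, net_exit };
    void (**steps)(void) = fixed_order ? fixed : buggy;
    int faults = 0;

    state = NULL;
    proc_visible = 0;
    for (size_t i = 0; i < 4; i++) {
        steps[i]();
        if (model_open() == OPEN_OOPS)
            faults++;
    }
    return faults;
}

int main(void)
{
    printf("entry created first, removed last: %d faulting windows\n", count_faults(0));
    printf("entry created last, removed first: %d faulting windows\n", count_faults(1));
    return 0;
}
```

With the entry created first and removed last, the model has one faulting window during load and one during unload; with the order reversed, an open in any window either succeeds or finds no entry.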
