DEBIAN-CVE-2025-38231
In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromat_work to prevent NULL dereference In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through nfs4_laundromat -> nfsd4_ssc_expire_umount. If nfsd_ssc isn't initialized, this can cause NULL pointer dereference. Normally the delayed start of laundromat_work allows sufficient time for nfsd_ssc initialization to complete. However, when the kernel waits too long for userspace responses (e.g. in nfs4_state_start_net -> nfsd4_end_grace -> nfsd4_record_grace_done -> nfsd4_cld_grace_done -> cld_pipe_upcall -> __cld_pipe_upcall -> wait_for_completion path), the delayed work may start before nfsd_ssc initialization finishes. Fix this by moving nfsd_ssc initialization before starting laundromat_work.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 0, 0 |
| Debian:11 | linux | 5.10.179-4, 5.10.179-4, 5.10.113-1 |
| Debian:14 | linux | 0, 0 |
| Debian:11 | linux-6.1 | 6.1.140-1, 6.1.147-1, 6.1.148-1 |
| Debian:12 | linux | 6.1.52-1, *, 6.1.37-1 |
Exploit Intelligence
- 3510.3.8.yml (github-poc)
Timeline
- Jul 4, 2025 CVE Published
- Apr 28, 2026 CVE Updated