PT-2025-16664 · Linux+4 · Linux Kernel+4

Published 2025-03-10 · Updated 2026-01-21 · CVE-2025-22024

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.13.0-rc6+

Description

A vulnerability in the Linux kernel has been resolved, related to the management of listener transports in the nfsd module. When no active threads are running, a root user using the nfsdctl command can try to remove a particular listener from the list of previously added ones, then start the server by increasing the number of threads, leading to a use-after-free issue. The vulnerability is caused by the nfsd_nl_listener_set_doit() function manipulating the list of transports of the server's sv_permsocks and closing the specified listener, but not updating the other list of transports (server's sp_xprts list).

Recommendations

To resolve the issue, update the Linux kernel to a version newer than 6.13.0-rc6+. As a temporary workaround, consider restricting access to the nfsdctl command to prevent exploitation. Additionally, avoid using the nfsdctl command to remove listeners when no active threads are running, as this can trigger the vulnerability.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-12098
CVE-2025-22024
USN-7594-1
USN-7594-2
USN-7594-3
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
Ubuntu