PT-2025-25798 · Linux+6 · Linux Kernel+6
Published: 2025-06-18 · Updated: 2026-04-20
CVE-2025-38023
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.15.0-rc2-dirty #60
Description
A vulnerability has been identified in the Linux kernel: when memory is insufficient, the allocation of nfs_lock_context in nfs_get_lock_context() fails and returns -ENOMEM. If the nfs4_unlockdata structure is treated as valid and rpc_run_task() is executed, it triggers a NULL pointer dereference in nfs4_locku_prepare(). This can cause a kernel NULL pointer dereference, leading to a system crash.
Recommendations
For Linux kernel versions prior to 6.15.0-rc2-dirty #60, free the allocated nfs4_unlockdata when nfs_get_lock_context() fails and return NULL to terminate the subsequent rpc_run_task(), preventing the NULL pointer dereference. As a temporary workaround, consider disabling the nfs_get_lock_context() function until a patch is available. Restrict access to the vulnerable nfs4_locku_prepare() function to minimize the risk of exploitation. Avoid using the nfs_lock_context variable in the affected kernel path until the issue is resolved.
Exploit
Fix
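The fix pattern described in the recommendations, as an added userspace C model (not kernel source and not the actual patch). `get_lock_context()`, `alloc_unlockdata()`, `do_unlock()`, `err_ptr()`/`is_err()` and the `simulate_oom` switch are hypothetical stand-ins for the kernel objects named in the description.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical userspace stand-ins for the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
static void *err_ptr(long err) { return (void *)(intptr_t)err; }
static int is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct lock_ctx { int owner; };                 /* models nfs_lock_context */
struct unlockdata { struct lock_ctx *l_ctx; };  /* models nfs4_unlockdata  */

static int simulate_oom;     /* constructed switch: force the allocation to fail */
static int live_unlockdata;  /* live unlockdata objects, to show nothing leaks   */

/* Models nfs_get_lock_context(): an error pointer on allocation failure. */
static struct lock_ctx *get_lock_context(void)
{
    struct lock_ctx *ctx = simulate_oom ? NULL : calloc(1, sizeof(*ctx));
    return ctx ? ctx : err_ptr(-ENOMEM);
}

/* Hardened allocation: on failure free the half-built object and return NULL. */
static struct unlockdata *alloc_unlockdata(void)
{
    struct unlockdata *p = calloc(1, sizeof(*p));
    if (!p)
        return NULL;
    live_unlockdata++;
    p->l_ctx = get_lock_context();
    if (is_err(p->l_ctx)) {      /* without this check the caller sees "valid" data */
        free(p);
        live_unlockdata--;
        return NULL;
    }
    return p;
}

/* Models the unlock path: the task body runs only when the data is valid. */
static int do_unlock(int oom)
{
    simulate_oom = oom;
    struct unlockdata *data = alloc_unlockdata();
    if (!data)
        return -ENOMEM;             /* task never starts, nothing is dereferenced */
    int owner = data->l_ctx->owner; /* safe: l_ctx is a real pointer here */
    free(data->l_ctx);
    free(data);
    live_unlockdata--;
    return owner;
}
```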
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu