{"id":"CVE-2025-38231","summary":"nfsd: Initialize ssc before laundromat_work to prevent NULL dereference","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn't initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.","modified":"2026-04-02T12:47:52.921357Z","published":"2025-07-04T13:37:44.978Z","related":["MGASA-2025-0218","MGASA-2025-0219","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38231.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0fccf5f01ed28725cc313a66ca1247eef911d55e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5060e1a5fef184bd11d298e3f0ee920d96a23236"},{"type":"WEB","url":"https://git.kernel.org/stable/c/83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a97668ec6d73dab237cd1c15efe012a10090a4ed"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b31da62889e6d610114d81dc7a6edbcaa503fcf8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/deaeb74ae9318252829c59a84a7d2316fc335660"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38231.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38231"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a4bc287943f5695209ff36bdc89f17b48d68fae7"},{"fixed":"deaeb74ae9318252829c59a84a7d2316fc335660"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f4e44b393389c77958f7c58bf4415032b4cda15b"},{"fixed":"0fccf5f01ed28725cc313a66ca1247eef911d55e"},{"fixed":"a97668ec6d73dab237cd1c15efe012a10090a4ed"},{"fixed":"5060e1a5fef184bd11d298e3f0ee920d96a23236"},{"fixed":"d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0"},{"fixed":"83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64"},{"fixed":"b31da62889e6d610114d81dc7a6edbcaa503fcf8"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38231.json"}}],"schema_version":"1.7.5"}