{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T20:13:05.410413600Z","vulnerabilities":[{"cve":{"id":"CVE-2025-37871","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-05-09T07:16:08.210","lastModified":"2025-11-12T19:45:36.967","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: decrease sc_count directly if fail to queue dl_recall\n\nA deadlock warning occurred when invoking nfs4_put_stid following a failed\ndl_recall queue operation:\n            T1                            T2\n                                nfs4_laundromat\n                                 nfs4_get_client_reaplist\n                                  nfs4_anylock_blockers\n__break_lease\n spin_lock // ctx->flc_lock\n                                   spin_lock // clp->cl_lock\n                                   nfs4_lockowner_has_blockers\n                                    locks_owner_has_blockers\n                                     spin_lock // flctx->flc_lock\n nfsd_break_deleg_cb\n  nfsd_break_one_deleg\n   nfs4_put_stid\n    refcount_dec_and_lock\n     spin_lock // clp->cl_lock\n\nWhen a file is opened, an nfs4_delegation is allocated with sc_count\ninitialized to 1, and the file_lease holds a reference to the delegation.\nThe file_lease is then associated with the file through kernel_setlease.\n\nThe disassociation is performed in nfsd4_delegreturn via the following\ncall chain:\nnfsd4_delegreturn --> destroy_delegation --> destroy_unhashed_deleg -->\nnfs4_unlock_deleg_lease --> kernel_setlease --> generic_delete_lease\nThe corresponding sc_count reference will be released after this\ndisassociation.\n\nSince nfsd_break_one_deleg executes while holding the flc_lock, the\ndisassociation process becomes blocked when attempting to acquire flc_lock\nin generic_delete_lease. 
This means:\n1) sc_count in nfsd_break_one_deleg will not be decremented to 0;\n2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to\nacquire cl_lock;\n3) Consequently, no deadlock condition is created.\n\nGiven that sc_count in nfsd_break_one_deleg remains non-zero, we can\nsafely perform refcount_dec on sc_count directly. This approach\neffectively avoids triggering deadlock warnings."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: disminuir sc_count directamente si no se puede poner en cola dl_recall Se produjo una advertencia de bloqueo al invocar nfs4_put_stid después de una operación de cola dl_recall fallida: T1 T2 nfs4_laundromat nfs4_get_client_reaplist nfs4_anylock_blockers __break_lease spin_lock // ctx->flc_lock spin_lock // clp->cl_lock nfs4_lockowner_has_blockers locks_owner_has_blockers spin_lock // flctx->flc_lock nfsd_break_deleg_cb nfsd_break_one_deleg nfs4_put_stid refcount_dec_and_lock spin_lock // clp->cl_lock Cuando se abre un archivo, se genera una nfs4_delegation asignado con sc_count inicializado a 1, y el file_lease contiene una referencia a la delegación. El file_lease se asocia entonces con el archivo a través de kernel_setlease. La disociación se realiza en nfsd4_delegreturn mediante la siguiente cadena de llamadas: nfsd4_delegreturn --> destroy_delegation --> destroy_unhashed_deleg --> nfs4_unlock_deleg_lease --> kernel_setlease --> generic_delete_lease La referencia sc_count correspondiente se liberará después de esta disociación. Dado que nfsd_break_one_deleg se ejecuta mientras mantiene el flc_lock, el proceso de disociación se bloquea al intentar adquirir flc_lock en generic_delete_lease. Esto significa: 1) sc_count en nfsd_break_one_deleg no se decrementará a 0; 2) El `nfs4_put_stid` llamado por `nfsd_break_one_deleg` no intentará adquirir `cl_lock`; 3) Por consiguiente, no se crea ninguna condición de interbloqueo. 
Dado que `sc_count` en `nfsd_break_one_deleg` permanece distinto de cero, podemos ejecutar `refcount_dec` en `sc_count` directamente. Este enfoque evita eficazmente la activación de advertencias de interbloqueo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.23","versionEndExcluding":"6.12.25","matchCriteriaId":"FC39818A-8C20-4C6C-8155-9E364AC53D54"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.11","versionEndExcluding":"6.14","matchCriteriaId":"124AE182-7E9F-4410-9E08-5976ED49C6A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.2","versionEndExcluding":"6.14.4","matchCriteriaId":"ABA7F402-1511-4ECC-907D-578BA5B25742"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.10.236:*:*:*:*:*:*:*","matchCriteriaId":"9160FCF1-2EF7-4794-86E9-26699C94A1FA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15.180:*:*:*:*:*:*:*","matchCriteriaId":"5BC2D57B-41D0-407A-94E2-C73578390691"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1.134:*:*:*:*:*:*:*","matchCriteriaId":"5712D157-5E0C-40C1-97C5-7256A0103FC7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6.87:*:*:*:*:*:*:*","matchCriteriaId":"D5321373-E31B-44C8-84D5-
0AC97FF10114"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*","matchCriteriaId":"8D465631-2980-487A-8E65-40AE2B9F8ED1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*","matchCriteriaId":"4C9D071F-B28E-46EC-AC61-22B913390211"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/14985d66b9b99c12995dd99d1c6c8dec4114c2a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7d192e27a431026c58d60edf66dc6cd98d0c01fc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a1d14d931bf700c1025db8c46d6731aa5cf440f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a70832d3555987035fc430ccd703acd89393eadb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a7fce086f6ca84db409b9d58493ea77c1978897c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b9bbe8f9d5663311d06667ce36d6ed255ead1a26","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba903539fff745d592d893c71b30e5e268a95413","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}