{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T06:56:58.412","vulnerabilities":[{"cve":{"id":"CVE-2025-38338","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-07-10T09:15:28.510","lastModified":"2025-11-18T12:52:58.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()\n\nSometimes, when a file was read while it was being truncated by\nanother NFS client, the kernel could deadlock because folio_unlock()\nwas called twice, and the second call would XOR back the `PG_locked`\nflag.\n\nMost of the time (depending on the timing of the truncation), nobody\nnotices the problem because folio_unlock() gets called three times,\nwhich flips `PG_locked` back off:\n\n 1. vfs_read, nfs_read_folio, ... nfs_read_add_folio,\n    nfs_return_empty_folio\n 2. vfs_read, nfs_read_folio, ... netfs_read_collection,\n    netfs_unlock_abandoned_read_pages\n 3. vfs_read, ... nfs_do_read_folio, nfs_read_add_folio,\n    nfs_return_empty_folio\n\nThe problem is that nfs_read_add_folio() is not supposed to unlock the\nfolio if fscache is enabled, and a nfs_netfs_folio_unlock() check is\nmissing in nfs_return_empty_folio().\n\nRarely this leads to a warning in netfs_read_collection():\n\n ------------[ cut here ]------------\n R=0000031c: folio 10 is not locked\n WARNING: CPU: 0 PID: 29 at fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00\n [...]\n Workqueue: events_unbound netfs_read_collection_worker\n RIP: 0010:netfs_read_collection+0x7c0/0xf00\n [...]\n Call Trace:\n  <TASK>\n  netfs_read_collection_worker+0x67/0x80\n  process_one_work+0x12e/0x2c0\n  worker_thread+0x295/0x3a0\n\nMost of the time, however, processes just get stuck forever in\nfolio_wait_bit_common(), waiting for `PG_locked` to disappear, which\nnever happens because nobody is really holding the folio lock."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/nfs/read: corrige error de doble desbloqueo en nfs_return_empty_folio() En ocasiones, cuando se leía un archivo mientras otro cliente NFS lo estaba truncando, el kernel podía bloquearse porque se llamaba a folio_unlock() dos veces y la segunda llamada XOR devolvería el indicador `PG_locked`. La mayoría de las veces (dependiendo del momento del truncamiento), nadie nota el problema porque folio_unlock() se llama tres veces, lo que desactiva `PG_locked`: 1. vfs_read, nfs_read_folio, ... nfs_read_add_folio, nfs_return_empty_folio 2. vfs_read, nfs_read_folio, ... netfs_read_collection, netfs_unlock_abandoned_read_pages 3. vfs_read, ... nfs_do_read_folio, nfs_read_add_folio, nfs_return_empty_folio El problema es que nfs_read_add_folio() no debe desbloquear el folio si fscache está habilitado, y falta una comprobación nfs_netfs_folio_unlock() en nfs_return_empty_folio(). En raras ocasiones, esto genera una advertencia en netfs_read_collection(): ------------[ cortar aquí ]------------ R=0000031c: el folio 10 no está bloqueado ADVERTENCIA: CPU: 0 PID: 29 en fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00 [...] Cola de trabajo: events_unbound netfs_read_collection_worker RIP: 0010:netfs_read_collection+0x7c0/0xf00 [...] Rastreo de llamadas:  netfs_read_collection_worker+0x67/0x80 process_one_work+0x12e/0x2c0worker_thread+0x295/0x3a0 Sin embargo, la mayoría de las veces, los procesos simplemente se quedan atascados para siempre en folio_wait_bit_common(), esperando que `PG_locked` desaparezca, lo que nunca sucede porque nadie está realmente reteniendo el cerradura de folio. "}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.95","matchCriteriaId":"F17A70D5-5B72-4411-9C16-98EF57D0C931"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.35","matchCriteriaId":"E569FD34-0076-4428-BE17-EECCF867611C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15.4","matchCriteriaId":"DFD174C5-1AA2-4671-BDDC-1A9FCC753655"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/14f5549ad163be2c018abc1bb38370fff617a243","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e93b61d3eaa14bfebcc2716ac09d43f3845d420","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4c10fa44bc5f700e2ea21de2fbae520ba21f19d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5bf0b9eeb0174686f22c2e5b8fb9f47ad25da6f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}