CVE-2025-21900

Published: Apr 1, 2025Modified: Oct 1, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to triggeer an open reclaim, with can again race with the application call to close(). When that happens, the call to put_nfs_open_context() can trigger a synchronous delegreturn call which deadlocks because it is not marked as privileged. Instead, ensure that the call to nfs4_inode_return_delegation_on_close() catches the delegreturn, and schedules it asynchronously.

Affected (6)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.11 to 6.12.18
Linux Linux Kernel	From 6.13 to 6.13.6
Linux Linux Kernel	Version 6.14 rc1
Linux Linux Kernel	Version 6.14 rc2
Linux Linux Kernel	Version 6.14 rc3
Linux Linux Kernel	Version 6.14 rc4

Related CWEs

CWE-667

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (3)

https://git.kernel.org/stable/c/4fe4ae6c2e01d028856b73b6328b12b8945df871

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/8f8df955f078e1a023ee55161935000a67651f38

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f41a60bc43e7abbc636fee78bed0d74c31e738b0

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.