{"id":"CVE-2025-38567","summary":"nfsd: avoid ref leak in nfsd_open_local_fh()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: avoid ref leak in nfsd_open_local_fh()\n\nIf two calls to nfsd_open_local_fh() race and both successfully call\nnfsd_file_acquire_local(), they will both get an extra reference to the\nnet to accompany the file reference stored in *pnf.\n\nOne of them will fail to store (using xchg()) the file reference in\n*pnf and will drop that reference but WON'T drop the accompanying\nreference to the net.  This leak means that when the nfs server is shut\ndown it will hang in nfsd_shutdown_net() waiting for\n&nn-\u003enfsd_net_free_done.\n\nThis patch adds the missing nfsd_net_put().","modified":"2026-05-15T11:54:00.798926997Z","published":"2025-08-19T17:02:48.306Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38567.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/c4bf8f26c51e51bbb840935659a7b3b65a802c07"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e5a73150776f18547ee685c9f6bfafe549714899"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fcb0a417fddb605530c4837e0996620f8ed38023"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38567.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38567"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.15.10"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.16.0"},{"fixed":"6.16.1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38567.json"}}],"schema_version":"1.7.5"}