Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: nfsd: decrease sc_count directly if fail to queue dl_recall A deadlock warning occurred when invoking nfs4_put_stid following a failed dl_recall queue operation: T1 T2 nfs4_laundromat nfs4_get_client_reaplist nfs4_anylock_blockers __break_lease spin_lock // ctx->flc_lock spin_lock // clp->cl_lock nfs4_lockowner_has_blockers locks_owner_has_blockers spin_lock // flctx->flc_lock nfsd_break_deleg_cb nfsd_break_one_deleg nfs4_put_stid refcount_dec_and_lock spin_lock // clp->cl_lock When a file is opened, an nfs4_delegation is allocated with sc_count initialized to 1, and the file_lease holds a reference to the delegation. The file_lease is then associated with the file through kernel_setlease. The disassociation is performed in nfsd4_delegreturn via the following call chain: nfsd4_delegreturn --> destroy_delegation --> destroy_unhashed_deleg --> nfs4_unlock_deleg_lease --> kernel_setlease --> generic_delete_lease The corresponding sc_count reference will be released after this disassociation. Since nfsd_break_one_deleg executes while holding the flc_lock, the disassociation process becomes blocked when attempting to acquire flc_lock in generic_delete_lease. This means: 1) sc_count in nfsd_break_one_deleg will not be decremented to 0; 2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to acquire cl_lock; 3) Consequently, no deadlock condition is created. Given that sc_count in nfsd_break_one_deleg remains non-zero, we can safely perform refcount_dec on sc_count directly. This approach effectively avoids triggering deadlock warnings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.12.23, < 6.12.25 |
| Debian | Debian Linux | 11.0 |
References
- https://git.kernel.org/stable/c/14985d66b9b99c12995dd99d1c6c8dec4114c2a5Patch
- https://git.kernel.org/stable/c/7d192e27a431026c58d60edf66dc6cd98d0c01fcPatch
- https://git.kernel.org/stable/c/a1d14d931bf700c1025db8c46d6731aa5cf440f9Patch
- https://git.kernel.org/stable/c/a70832d3555987035fc430ccd703acd89393eadbPatch
- https://git.kernel.org/stable/c/a7fce086f6ca84db409b9d58493ea77c1978897cPatch
- https://git.kernel.org/stable/c/b9bbe8f9d5663311d06667ce36d6ed255ead1a26Patch
- https://git.kernel.org/stable/c/ba903539fff745d592d893c71b30e5e268a95413Patch
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2025-37871?
CVE-2025-37871 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: nfsd: decrease sc_count directly if fail to queue dl_recall A deadlock warning occurred when invoking nfs4_put_stid following a fa...
How severe is CVE-2025-37871?
CVE-2025-37871 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-37871?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.