Linux Kernel NFS Race Condition Vulnerability in nfs_local_open_fh()

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's NFS (Network File System) implementation, specifically within the local I/O operations. The issue is in the function nfs_local_open_fh(), where the handling of file structures can be improperly synchronized: after the lock on the UUID is released, another CPU may prematurely free a file structure that was just added, leading to potential data corruption or unexpected behavior. The vulnerability has been addressed by modifying the lock management to prevent this race.

Impact

Triggering this race condition leaves file operations improperly synchronized, which could cause data corruption or unexpected behavior in NFS file handling.

Added: Jun 18, 2025, 11:57 AM
Updated: Jun 18, 2025, 11:57 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.5
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.