{"uuid": "fc038030-f4c5-4681-9390-e63ab2ab880f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37871", "type": "seen", "source": "https://t.me/cvedetector/24938", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37871 - Linux Kernel NFSd Deadlock Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37871 \nPublished : May 9, 2025, 7:16 a.m. | 44\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnfsd: decrease sc_count directly if fail to queue dl_recall  \n  \nA deadlock warning occurred when invoking nfs4_put_stid following a failed  \ndl_recall queue operation:  \n            T1                            T2  \n                                nfs4_laundromat  \n                                 nfs4_get_client_reaplist  \n                                  nfs4_anylock_blockers  \n__break_lease  \n spin_lock // ctx->flc_lock  \n                                   spin_lock // clp->cl_lock  \n                                   nfs4_lockowner_has_blockers  \n                                    locks_owner_has_blockers  \n                                     spin_lock // flctx->flc_lock  \n nfsd_break_deleg_cb  \n  nfsd_break_one_deleg  \n   nfs4_put_stid  \n    refcount_dec_and_lock  \n     spin_lock // clp->cl_lock  \n  \nWhen a file is opened, an nfs4_delegation is allocated with sc_count  \ninitialized to 1, and the file_lease holds a reference to the delegation.  \nThe file_lease is then associated with the file through kernel_setlease.  \n  \nThe disassociation is performed in nfsd4_delegreturn via the following  \ncall chain:  \nnfsd4_delegreturn --> destroy_delegation --> destroy_unhashed_deleg -->  \nnfs4_unlock_deleg_lease --> kernel_setlease --> generic_delete_lease  \nThe corresponding sc_count reference will be released after this  \ndisassociation.  
\n  \nSince nfsd_break_one_deleg executes while holding the flc_lock, the  \ndisassociation process becomes blocked when attempting to acquire flc_lock  \nin generic_delete_lease. This means:  \n1) sc_count in nfsd_break_one_deleg will not be decremented to 0;  \n2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to  \nacquire cl_lock;  \n3) Consequently, no deadlock condition is created.  \n  \nGiven that sc_count in nfsd_break_one_deleg remains non-zero, we can  \nsafely perform refcount_dec on sc_count directly. This approach  \neffectively avoids triggering deadlock warnings. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T10:22:07.000000Z"}