5.5

CVE-2025-39688

nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()

In the Linux kernel, the following vulnerability has been resolved:

nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()

The pynfs DELEG8 test fails when run against nfsd. It acquires a
delegation and then lets the lease time out. It then tries to use the
deleg stateid and expects to see NFS4ERR_DELEG_REVOKED, but it gets
bad NFS4ERR_BAD_STATEID instead.

When a delegation is revoked, it's initially marked with
SC_STATUS_REVOKED, or SC_STATUS_ADMIN_REVOKED and later, it's marked
with the SC_STATUS_FREEABLE flag, which denotes that it is waiting for
s FREE_STATEID call.

nfs4_lookup_stateid() accepts a statusmask that includes the status
flags that a found stateid is allowed to have. Currently, that mask
never includes SC_STATUS_FREEABLE, which means that revoked delegations
are (almost) never found.

Add SC_STATUS_FREEABLE to the always-allowed status flags, and remove it
from nfsd4_delegreturn() since it's now always implied.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.11.6 < 6.12
LinuxLinux Kernel Version >= 6.12.1 < 6.12.23
LinuxLinux Kernel Version >= 6.13 < 6.13.11
LinuxLinux Kernel Version >= 6.14 < 6.14.2
LinuxLinux Kernel Version6.12 Update-
LinuxLinux Kernel Version6.12 Updaterc5
LinuxLinux Kernel Version6.12 Updaterc6
LinuxLinux Kernel Version6.12 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.129
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/52e209203c35a4fbff8af23cd3613efe5df40102
Patch
https://git.kernel.org/stable/c/dc6f3295905d7185e71091870119a8c11c3808cc
Patch
https://git.kernel.org/stable/c/5bcb44e650bc4ec7eac23df90c5e011a77fa2beb
Patch
https://git.kernel.org/stable/c/d1bc15b147d35b4cb7ca99a9a7d79d41ca342c13
Patch