Hello,

A security vulnerability in the Linux kernel SUNRPC subsystem has been assigned CVE-2025-38089. This issue allows a remote attacker to trigger a kernel crash (NULL pointer dereference) by sending a specially crafted RPC request to an affected NFS server.

Details:

- CVE: CVE-2025-38089
- Subsystem: NFS/SUNRPC
- Impact: Remote Denial of Service (kernel crash)
- Affected versions: Mainline Linux kernel since commit 29cd2927fb914cc53b5ba4f67d2b74695c994ba4 up to and including versions before the fix
- Fixed in: Upstream commit 94d10a4dba0bc482f2b01e39f06d5513d0f75742

Description:

A remote attacker can cause a NULL pointer dereference and crash the kernel by sending a specially crafted RPC request to a vulnerable NFS server. The vulnerability is due to improper handling of the `rqstp->rq_accept_statp` pointer, which may remain NULL and be dereferenced in error handling code paths. In some cases, this could also result in a use-after-free.

Reproducer:

A public proof-of-concept (PoC) is available at: https://github.com/keymaker-arch/NFSundown

Timeline:

- Reported to Linux kernel community: 2025-06-16
- Patch merged upstream: 2025-06-22
- CVE assigned and public: 2025-06-30

Best regards,
Tianshuo Han
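
One way to check whether a given kernel git tree falls inside the affected range listed above, as an added example that is not part of the original advisory. The function names are hypothetical, and the script assumes a clone with full history and that backports cite the upstream commit id in their commit message.

```shell
#!/bin/sh
# Added example: classify a kernel git ref against the commit range given
# in the CVE-2025-38089 advisory. Function names are hypothetical.
# Assumes full history (not a shallow clone); results on shallow clones
# are unreliable because ancestry cannot be walked.

# Commit ids taken from the advisory.
INTRODUCED=29cd2927fb914cc53b5ba4f67d2b74695c994ba4
FIXED=94d10a4dba0bc482f2b01e39f06d5513d0f75742

# has_commit REPO REF SHA
# True if SHA is an ancestor of REF, or if some commit reachable from REF
# quotes the full SHA in its message. The second test is a heuristic for
# backports that cite the upstream commit id (assumed convention).
has_commit() {
    git -C "$1" merge-base --is-ancestor "$3" "$2" 2>/dev/null && return 0
    [ -n "$(git -C "$1" log -1 --format=%H --grep="$3" "$2" 2>/dev/null)" ]
}

# cve_2025_38089_status REPO [REF [INTRODUCED [FIXED]]]
# Prints one of: fixed, affected, not-affected, unknown.
cve_2025_38089_status() {
    repo=$1 ref=${2:-HEAD} intro=${3:-$INTRODUCED} fix=${4:-$FIXED}
    # Refuse to guess when the ref does not resolve to a commit.
    git -C "$repo" rev-parse --verify -q "$ref^{commit}" >/dev/null || {
        echo unknown
        return 2
    }
    if has_commit "$repo" "$ref" "$fix"; then
        echo fixed            # fix present: patched
    elif has_commit "$repo" "$ref" "$intro"; then
        echo affected         # introducing commit present, fix absent
    else
        echo not-affected     # predates the introducing commit
    fi
}

# Example: cve_2025_38089_status /path/to/linux v6.15
```

A result of `fixed` or `not-affected` only describes the source tree that was inspected; the running kernel still has to be built from that tree.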