CVE-2025-21795

NFSD: fix hang in nfsd4_shutdown_callback

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix hang in nfsd4_shutdown_callback If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped. This patch modifies nfsd4_run_cb_work to skip the RPC call if nfs4_client is in courtesy state.

N/A
CVSS
Severity:
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/abed68027ea3ab893ac85cc46a00e2e64a324239
https://git.kernel.org/stable/c/efa8a261c575f816c7e79a87aeb3ef8a0bd6b221
https://git.kernel.org/stable/c/38d345f612503b850c2973e5a879f88e441b34d7
https://git.kernel.org/stable/c/23ad7797c74cd8f7f90617f1e59a8703e2b43908
https://git.kernel.org/stable/c/cedfbb92cf97a6bff3d25633001d9c44442ee854
https://git.kernel.org/stable/c/e88d2451cd42e025465d6b51fd716a47b0b3800d
https://git.kernel.org/stable/c/036ac2778f7b28885814c6fbc07e156ad1624d03

Frequently Asked Questions

What is the severity of CVE-2025-21795?
CVE-2025-21795 has not yet been assigned a CVSS score.
How to fix CVE-2025-21795?
To fix CVE-2025-21795, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21795 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21795 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21795?
CVE-2025-21795 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.