CVE-2025-22024: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-22024 is a vulnerability discovered in the Linux kernel affecting the Network File System daemon (nfsd) component. The vulnerability was disclosed on April 16, 2025, and involves issues with the management of listener transports in the nfsd service (NVD, Debian Tracker).

The vulnerability occurs when no active threads are running and a root user uses the nfsdctl command to remove a particular listener from the list of previously added ones, then starts the server by increasing the number of threads. The issue specifically manifests in the nfsd_nl_listener_set_doit() function, which manipulates the list of transports of server's sv_permsocks and closes the specified listener, but fails to update the server's sp_xprts list accordingly. This leads to a refcount_t addition on 0, resulting in a use-after-free condition (NVD).

The vulnerability can lead to use-after-free conditions in the Linux kernel's NFS daemon, potentially causing system instability or crashes. The issue affects systems running the NFS server functionality and requires root privileges to exploit (Debian Tracker).

The fix involves modifying the behavior when nfsdctl attempts to remove a listener. Instead of just manipulating the sv_permsocks list, the solution deletes all existing listener transports and recreates all-but-the-removed ones. Fixed versions are available in various Linux distributions, including Debian Bookworm (6.12.25-1) and Debian Sid (Debian Tracker).