CVE-2025-38232: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was discovered in the Linux kernel's NFSD module, identified as CVE-2025-38232. The issue occurs between nfsd registration and exports_proc operations, where nfsd calls create_proc_exports_entry() at the start of init_nfsd and performs cleanup via remove_proc_entry() at the end of exit_nfsd. This vulnerability was disclosed on July 4, 2025, affecting both Linux kernel 5.4 and the latest 6.14 versions (NVD, CVE).

The vulnerability manifests as a race condition between two specific operations: (i) exportfs -r and (ii) mount -t nfsd none /proc/fs/nfsd. When triggered, it results in kernel OOPs (crashes) that can occur at either exports_net_open() or cache_seq_next_rcu(). The issue affects both ARM64 architecture and the latest 6.14 kernel versions. The crash can be consistently reproduced using a simple script that continuously executes exportfs commands while simultaneously loading and unloading the nfsd module (NVD).

When exploited, this vulnerability causes kernel OOPs (crashes) due to NULL pointer dereference at virtual address 0000000000000010, potentially leading to system instability and denial of service conditions. The issue affects the kernel's NFS server functionality, which could impact systems relying on NFS services (NVD).

The fix involves changing the order of operations in the nfsd module, ensuring that exporting interfaces to user space is done last and cleanup is performed first. This modification eliminates the race condition and prevents the kernel OOPs from occurring (NVD).