CVE-2025-38724: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38724 is a vulnerability discovered in the Linux kernel's Network File System daemon (nfsd) component, specifically in the nfsd4_setclientid_confirm() function. The vulnerability was reported by Lei Lu and disclosed on September 4, 2025. It affects various versions of the Linux kernel running on Red Hat Enterprise Linux and other Linux distributions (NVD, Red Hat).

The vulnerability stems from a failure to check the return value from get_client_locked() in the nfsd4_setclientid_confirm() function. This can lead to a race condition where a SETCLIENTID_CONFIRM operation could race with a confirmed client expiring and fail to get a reference, potentially resulting in a Use-After-Free (UAF) condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.0, indicating moderate severity with the following vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Red Hat).

The vulnerability could potentially lead to a Use-After-Free (UAF) condition in the Linux kernel's NFS daemon. This type of vulnerability could result in system crashes, information disclosure, or potential privilege escalation in the affected systems (NVD).

The fix involves getting a reference early in cases where there is an extant confirmed client. If that fails, the system treats it as if there were no confirmed client found. In cases where the unconfirmed client is expiring, the system fails and returns the result from get_client_locked(). The fix has been implemented in various Linux kernel versions (NVD).