CVE-2025-40212: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-40212 is a vulnerability discovered in the Linux kernel's NFS server (nfsd) implementation, specifically in the nfsdsetfh_dentry() function. The vulnerability was published to the CVE List and included in the NVD dataset on November 24, 2025 (NVD).

The vulnerability stems from a refcount leak in the nfsdsetfhdentry() function. The issue occurs because nfsd exports a 'pseudo root filesystem' used by NFSv4 to find exported filesystems using LOOKUP requests from a known root filehandle. When NFSv3 clients (which use the MOUNT protocol) attempt to use a filehandle from that filesystem, nfsdsetfhdentry() reports an error but still stores the export in 'struct svcfh' while dropping the reference (expput()). This leads to an extra reference being dropped during fh_put() (NVD).

The vulnerability can lead to use-after-free conditions and potential denial of service in the Linux kernel's NFS server implementation. However, it's important to note that this issue can only be triggered when a client synthesizes an incorrect filehandle, as normal NFS usage will not provide a pseudo-root filehandle to a v3 client (NVD).

The fix involves modifying the code to move the assignments to the svc_fh later, after all possible error cases have been detected. This prevents the reference count issue from occurring (NVD).