CVE & CISA-KEV Catalog

CVE-2025-71090

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg() nfsd4_add_rdaccess_to_wrdeleg() unconditionally overwrites fp->fi_fds[O_RDONLY] with a newly acquired nfsd_file. However, if the client already has a SHARE_ACCESS_READ open from a previous OPEN operation, this action overwrites the existing pointer without releasing its reference, orphaning the previous reference. Additionally, the function originally stored the same nfsd_file pointer in both fp->fi_fds[O_RDONLY] and fp->fi_rdeleg_file with only a single reference. When put_deleg_file() runs, it clears fi_rdeleg_file and calls nfs4_file_put_access() to release the file. However, nfs4_file_put_access() only releases fi_fds[O_RDONLY] when the fi_access[O_RDONLY] counter drops to zero. If another READ open exists on the file, the counter remains elevated and the nfsd_file reference from the delegation is never released. This potentially causes open conflicts on that file. Then, on server shutdown, these leaks cause __nfsd_file_cache_purge() to encounter files with an elevated reference count that cannot be cleaned up, ultimately triggering a BUG() in kmem_cache_destroy() because there are still nfsd_file objects allocated in that cache.

How to fix

Remediation Available
linuxDebian
Fixed in:6.18.5-1CVE-2025-71090
linuxUbuntu
Fixed in:6.17.0-29.29USN-8277-1
linux-awsUbuntu
Fixed in:6.17.0-1015.15USN-8277-1
linux-aws-6.17Ubuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
linux-azureUbuntu
Fixed in:6.17.0-1015.15USN-8310-1
linux-azure-6.17Ubuntu
Fixed in:6.17.0-1015.15~24.04.1USN-8310-1
linux-gcpUbuntu
Fixed in:6.17.0-1018.19USN-8374-1
linux-gcp-6.17Ubuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
linux-hwe-6.17Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
linux-image-6.17.0-1013-realtimeUbuntu
Fixed in:6.17.0-1013.15~24.04.1USN-8277-1
Fixed in:6.17.0-1013.15USN-8277-1
linux-image-6.17.0-1014-oracleUbuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-6.17.0-1014-oracle-64kUbuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-6.17.0-1015-awsUbuntu
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-6.17.0-1015-aws-64kUbuntu
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-6.17.0-1015-azureUbuntu
Fixed in:6.17.0-1015.15~24.04.1USN-8310-1
Fixed in:6.17.0-1015.15USN-8310-1
linux-image-6.17.0-1017-awsUbuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
linux-image-6.17.0-1017-aws-64kUbuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
linux-image-6.17.0-1017-raspiUbuntu
Fixed in:6.17.0-1017.17USN-8277-1
linux-image-6.17.0-1018-gcpUbuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-6.17.0-1018-gcp-64kUbuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-6.17.0-1023-oemUbuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-6.17.0-29-genericUbuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
Fixed in:6.17.0-29.29USN-8277-1
linux-image-6.17.0-29-generic-64kUbuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
Fixed in:6.17.0-29.29USN-8277-1
linux-image-awsUbuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-aws-6.17Ubuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-aws-64kUbuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-aws-64k-6.17Ubuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-azureUbuntu
Fixed in:6.17.0-1015.15~24.04.1USN-8310-1
Fixed in:6.17.0-1015.15USN-8310-1
linux-image-azure-6.17Ubuntu
Fixed in:6.17.0-1015.15~24.04.1USN-8310-1
Fixed in:6.17.0-1015.15USN-8310-1
linux-image-gcpUbuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-gcp-6.17Ubuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-gcp-64kUbuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-gcp-64k-6.17Ubuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-genericUbuntu
Fixed in:6.17.0-29.29USN-8277-1
linux-image-generic-6.17Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
Fixed in:6.17.0-29.29USN-8277-1
linux-image-generic-64kUbuntu
Fixed in:6.17.0-29.29USN-8277-1
linux-image-generic-64k-6.17Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
Fixed in:6.17.0-29.29USN-8277-1
linux-image-generic-64k-hwe-24.04Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
linux-image-generic-hwe-24.04Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
linux-image-oem-24.04Ubuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oem-24.04aUbuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oem-24.04bUbuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oem-24.04cUbuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oem-24.04dUbuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oem-6.17Ubuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oracleUbuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-oracle-6.17Ubuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-oracle-64kUbuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-oracle-64k-6.17Ubuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-raspiUbuntu
Fixed in:6.17.0-1017.17USN-8277-1
linux-image-raspi-6.17Ubuntu
Fixed in:6.17.0-1017.17USN-8277-1
linux-image-realtimeUbuntu
Fixed in:6.17.0-1013.15USN-8277-1
linux-image-realtime-6.17Ubuntu
Fixed in:6.17.0-1013.15~24.04.1USN-8277-1
Fixed in:6.17.0-1013.15USN-8277-1
linux-image-realtime-hwe-24.04Ubuntu
Fixed in:6.17.0-1013.15~24.04.1USN-8277-1
Fixed in:6.17.0-1013.15USN-8277-1
linux-image-realtime-hwe-24.04-edgeUbuntu
Fixed in:6.17.0-1013.15USN-8277-1
linux-image-virtualUbuntu
Fixed in:6.17.0-29.29USN-8277-1
linux-image-virtual-6.17Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
Fixed in:6.17.0-29.29USN-8277-1
linux-image-virtual-hwe-24.04Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
linux-oem-6.17Ubuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-oracleUbuntu
Fixed in:6.17.0-1014.14USN-8277-1
linux-oracle-6.17Ubuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
linux-raspiUbuntu
Fixed in:6.17.0-1017.17USN-8277-1
linux-realtimeUbuntu
Fixed in:6.17.0-1013.15USN-8277-1
linux-realtime-6.17Ubuntu
Fixed in:6.17.0-1013.15~24.04.1USN-8277-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.10%probability of exploitation in 30 days
1stpercentile

Low risk: more likely to be exploited than 1% of all known CVEs.

References

Embed a live status badge for CVE-2025-71090
CVE-2025-71090 severity badge

Markdown

[![CVE-2025-71090](https://tridentstack.com/cve/badge/CVE-2025-71090.svg)](https://tridentstack.com/cve/CVE-2025-71090)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-71090"><img src="https://tridentstack.com/cve/badge/CVE-2025-71090.svg" alt="CVE-2025-71090"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-03-25.