
Linux Kernel CVE-2025-38393

MEDIUM (CVSS 3.1: 4.7)
Race Condition (CWE-362)
2025-07-25 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: May 12, 2026 - 13:30 (vuln.today)
CVE Published: Jul 25, 2025 - 13:15 (nvd), MEDIUM 4.7

Description (NVD)

In the Linux kernel, the following vulnerability has been resolved:

NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN

We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in pnfs_update_layout(), however the pnfs_layout_hdr's plh_outstanding count was zero.

It seems most likely that this is another race between the waiter and waker similar to commit ed0172af5d6f ("SUNRPC: Fix a race to wake a sync task"). Fix it up by applying the advised barrier.

Analysis (AI)

Race condition in Linux kernel NFSv4/pNFS layout draining allows local authenticated users to trigger denial of service through system hangs in writeback operations. The vulnerability exists in pnfs_update_layout() where a waiter on the NFS_LAYOUT_DRAIN bit can race with the waker when plh_outstanding count reaches zero, causing threads to block indefinitely on page locks. Patch available from upstream kernel stable branches.

Technical Context (AI)

This vulnerability affects the parallel NFS (pNFS) layout management subsystem in the Linux kernel NFSv4 client implementation. pNFS enables striped data access across multiple data servers, with layout state tracked via pnfs_layout_hdr structures. The race condition occurs in the synchronization mechanism between pnfs_update_layout() waiters and the code path that wakes them when the NFS_LAYOUT_DRAIN bit is cleared. The root cause (CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization) mirrors a similar race fixed in SUNRPC (commit ed0172af5d6f), where a missing memory barrier allows the waker to complete before the waiter reaches the wait primitive, leaving the waiter blocked indefinitely. The plh_outstanding reference count tracks active I/O operations; when it reaches zero without proper barrier semantics, the waker and waiter can race, causing system hangs in NFS writeback paths.

Remediation (AI)

Apply the vendor-released patch from the stable kernel branches. Users should update to a kernel version containing one of the upstream fixes, commit 08287df60bac (or a later equivalent in their stable branch). For systems that cannot be patched immediately, mitigate by reducing pNFS workload intensity and monitoring for unexpected system hangs during writeback operations. Consider temporarily disabling pNFS if the NFS mount options allow it (mount with 'nopnfs' or an equivalent filesystem option), though this may reduce performance. Debian LTS users should apply updates from the debian-lts-announce advisories (October 2025 announcements). Siemens customers should refer to ssa-082556 for product-specific patch availability. Rebuilding from patched source is feasible for custom kernels. Configuration-based mitigations are temporary; patching is the only permanent fix for this race condition.
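To scope which NFS clients actually exercise the pNFS layout path before scheduling the kernel update, the following added script (not from NVD, vuln.today or the kernel tree) lists NFSv4 mounts that have a layout driver bound. It assumes the `pnfs=` field that the NFS client prints on the `nfsv4:` line of /proc/self/mountstats; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Report NFSv4 mounts that currently have a pNFS layout driver bound.
# Input: mountstats text from a file argument, or stdin if none is given.
# Output: one line per pNFS mount: <mount point> TAB <source> TAB <driver>

pnfs_mounts() {
    awk '
        # Record header: device <src> mounted on <dir> with fstype <type> ...
        $1 == "device" && $3 == "mounted" { src = $2; dir = $5; fstype = $8; next }
        # The nfsv4: line carries pnfs=<driver> or pnfs=not configured;
        # newer kernels append further comma-separated fields after it.
        $1 == "nfsv4:" && fstype ~ /^nfs/ && match($0, /pnfs=[^,]*/) {
            driver = substr($0, RSTART + 5, RLENGTH - 5)
            if (driver != "not configured")
                printf "%s\t%s\t%s\n", dir, src, driver
        }
    ' "${1:--}"
}

# Constructed sample (not captured from a real host): one mount using pNFS,
# one NFSv4.1 mount without a layout driver, and one non-NFS mount.
sample_mountstats() {
    cat <<'EOF'
device /dev/sda1 mounted on / with fstype ext4
device filer.example:/scratch mounted on /mnt/scratch with fstype nfs4 statvers=1.1
    opts: rw,vers=4.1,rsize=1048576,wsize=1048576,proto=tcp
    nfsv4: bm0=0xfdffbfff,bm1=0x40f9be3e,bm2=0x803,acl=0x3,sessions,pnfs=LAYOUT_NFSV4_1_FILES
device filer.example:/home mounted on /home with fstype nfs4 statvers=1.1
    opts: rw,vers=4.1,proto=tcp
    nfsv4: bm0=0xfdffbfff,bm1=0x40f9be3e,bm2=0x803,acl=0x3,sessions,pnfs=not configured,lease_time=90,lease_expired=0
EOF
}

# Demo on the constructed sample.
# On an NFS client, run instead: pnfs_mounts /proc/self/mountstats
sample_mountstats | pnfs_mounts
```

Hosts that print no lines have no mount with a bound layout driver at the time of the check; compare the running kernel against the fixed stable release for the rest.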
