<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-06T04:50:10.372721+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/08aae369-dda4-4033-b7d9-389090e04278/export</id>
    <title>08aae369-dda4-4033-b7d9-389090e04278</title>
    <updated>2026-05-06T04:50:10.722341+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "08aae369-dda4-4033-b7d9-389090e04278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37871", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15700", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37871\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: decrease sc_count directly if fail to queue dl_recall\n\nA deadlock warning occurred when invoking nfs4_put_stid following a failed\ndl_recall queue operation:\n            T1                            T2\n                                nfs4_laundromat\n                                 nfs4_get_client_reaplist\n                                  nfs4_anylock_blockers\n__break_lease\n spin_lock // ctx-&amp;gt;flc_lock\n                                   spin_lock // clp-&amp;gt;cl_lock\n                                   nfs4_lockowner_has_blockers\n                                    locks_owner_has_blockers\n                                     spin_lock // flctx-&amp;gt;flc_lock\n nfsd_break_deleg_cb\n  nfsd_break_one_deleg\n   nfs4_put_stid\n    refcount_dec_and_lock\n     spin_lock // clp-&amp;gt;cl_lock\n\nWhen a file is opened, an nfs4_delegation is allocated with sc_count\ninitialized to 1, and the file_lease holds a reference to the delegation.\nThe file_lease is then associated with the file through kernel_setlease.\n\nThe disassociation is performed in nfsd4_delegreturn via the following\ncall chain:\nnfsd4_delegreturn --&amp;gt; destroy_delegation --&amp;gt; destroy_unhashed_deleg --&amp;gt;\nnfs4_unlock_deleg_lease --&amp;gt; kernel_setlease --&amp;gt; generic_delete_lease\nThe corresponding sc_count reference will be released after this\ndisassociation.\n\nSince nfsd_break_one_deleg executes while 
holding the flc_lock, the\ndisassociation process becomes blocked when attempting to acquire flc_lock\nin generic_delete_lease. This means:\n1) sc_count in nfsd_break_one_deleg will not be decremented to 0;\n2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to\nacquire cl_lock;\n3) Consequently, no deadlock condition is created.\n\nGiven that sc_count in nfsd_break_one_deleg remains non-zero, we can\nsafely perform refcount_dec on sc_count directly. This approach\neffectively avoids triggering deadlock warnings.\n\ud83d\udccf Published: 2025-05-09T06:43:59.720Z\n\ud83d\udccf Modified: 2025-05-09T06:43:59.720Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/b9bbe8f9d5663311d06667ce36d6ed255ead1a26\n2. https://git.kernel.org/stable/c/a70832d3555987035fc430ccd703acd89393eadb\n3. https://git.kernel.org/stable/c/ba903539fff745d592d893c71b30e5e268a95413\n4. https://git.kernel.org/stable/c/7d192e27a431026c58d60edf66dc6cd98d0c01fc\n5. https://git.kernel.org/stable/c/a7fce086f6ca84db409b9d58493ea77c1978897c\n6. https://git.kernel.org/stable/c/14985d66b9b99c12995dd99d1c6c8dec4114c2a5\n7. https://git.kernel.org/stable/c/a1d14d931bf700c1025db8c46d6731aa5cf440f9", "creation_timestamp": "2025-05-09T07:25:47.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/08aae369-dda4-4033-b7d9-389090e04278/export"/>
    <published>2025-05-09T07:25:47+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fc038030-f4c5-4681-9390-e63ab2ab880f/export</id>
    <title>fc038030-f4c5-4681-9390-e63ab2ab880f</title>
    <updated>2026-05-06T04:50:10.720060+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fc038030-f4c5-4681-9390-e63ab2ab880f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37871", "type": "seen", "source": "https://t.me/cvedetector/24938", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37871 - Linux Kernel NFSd Deadlock Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37871 \nPublished : May 9, 2025, 7:16 a.m. | 44\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnfsd: decrease sc_count directly if fail to queue dl_recall  \n  \nA deadlock warning occurred when invoking nfs4_put_stid following a failed  \ndl_recall queue operation:  \n            T1                            T2  \n                                nfs4_laundromat  \n                                 nfs4_get_client_reaplist  \n                                  nfs4_anylock_blockers  \n__break_lease  \n spin_lock // ctx-&amp;gt;flc_lock  \n                                   spin_lock // clp-&amp;gt;cl_lock  \n                                   nfs4_lockowner_has_blockers  \n                                    locks_owner_has_blockers  \n                                     spin_lock // flctx-&amp;gt;flc_lock  \n nfsd_break_deleg_cb  \n  nfsd_break_one_deleg  \n   nfs4_put_stid  \n    refcount_dec_and_lock  \n     spin_lock // clp-&amp;gt;cl_lock  \n  \nWhen a file is opened, an nfs4_delegation is allocated with sc_count  \ninitialized to 1, and the file_lease holds a reference to the delegation.  \nThe file_lease is then associated with the file through kernel_setlease.  
\n  \nThe disassociation is performed in nfsd4_delegreturn via the following  \ncall chain:  \nnfsd4_delegreturn --&amp;gt; destroy_delegation --&amp;gt; destroy_unhashed_deleg --&amp;gt;  \nnfs4_unlock_deleg_lease --&amp;gt; kernel_setlease --&amp;gt; generic_delete_lease  \nThe corresponding sc_count reference will be released after this  \ndisassociation.  \n  \nSince nfsd_break_one_deleg executes while holding the flc_lock, the  \ndisassociation process becomes blocked when attempting to acquire flc_lock  \nin generic_delete_lease. This means:  \n1) sc_count in nfsd_break_one_deleg will not be decremented to 0;  \n2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to  \nacquire cl_lock;  \n3) Consequently, no deadlock condition is created.  \n  \nGiven that sc_count in nfsd_break_one_deleg remains non-zero, we can  \nsafely perform refcount_dec on sc_count directly. This approach  \neffectively avoids triggering deadlock warnings. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T10:22:07.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fc038030-f4c5-4681-9390-e63ab2ab880f/export"/>
    <published>2025-05-09T10:22:07+00:00</published>
  </entry>
</feed>
