CVE-2025-37871 Affecting kernel-rt-trace-kvm package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CENTOS7-KERNELRTTRACEKVM-10103502
- published9 May 2025
- disclosed9 May 2025
Introduced: 9 May 2025
NewCVE-2025-37871 (opens in a new tab)How to fix?
There is no fixed version for Centos:7 kernel-rt-trace-kvm.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-rt-trace-kvm package and not the kernel-rt-trace-kvm package as distributed by Centos.
See How to fix? for Centos:7 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
nfsd: decrease sc_count directly if fail to queue dl_recall
A deadlock warning occurred when invoking nfs4_put_stid following a failed dl_recall queue operation: T1 T2 nfs4_laundromat nfs4_get_client_reaplist nfs4_anylock_blockers __break_lease spin_lock // ctx->flc_lock spin_lock // clp->cl_lock nfs4_lockowner_has_blockers locks_owner_has_blockers spin_lock // flctx->flc_lock nfsd_break_deleg_cb nfsd_break_one_deleg nfs4_put_stid refcount_dec_and_lock spin_lock // clp->cl_lock
When a file is opened, an nfs4_delegation is allocated with sc_count initialized to 1, and the file_lease holds a reference to the delegation. The file_lease is then associated with the file through kernel_setlease.
The disassociation is performed in nfsd4_delegreturn via the following call chain: nfsd4_delegreturn --> destroy_delegation --> destroy_unhashed_deleg --> nfs4_unlock_deleg_lease --> kernel_setlease --> generic_delete_lease The corresponding sc_count reference will be released after this disassociation.
Since nfsd_break_one_deleg executes while holding the flc_lock, the disassociation process becomes blocked when attempting to acquire flc_lock in generic_delete_lease. This means:
- sc_count in nfsd_break_one_deleg will not be decremented to 0;
- The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to acquire cl_lock;
- Consequently, no deadlock condition is created.
Given that sc_count in nfsd_break_one_deleg remains non-zero, we can safely perform refcount_dec on sc_count directly. This approach effectively avoids triggering deadlock warnings.
References
- https://access.redhat.com/security/cve/CVE-2025-37871
- https://git.kernel.org/stable/c/14985d66b9b99c12995dd99d1c6c8dec4114c2a5
- https://git.kernel.org/stable/c/7d192e27a431026c58d60edf66dc6cd98d0c01fc
- https://git.kernel.org/stable/c/a1d14d931bf700c1025db8c46d6731aa5cf440f9
- https://git.kernel.org/stable/c/a70832d3555987035fc430ccd703acd89393eadb
- https://git.kernel.org/stable/c/a7fce086f6ca84db409b9d58493ea77c1978897c
- https://git.kernel.org/stable/c/b9bbe8f9d5663311d06667ce36d6ed255ead1a26
- https://git.kernel.org/stable/c/ba903539fff745d592d893c71b30e5e268a95413