
    CVE-2025-38338 – “NFS Linux Kernel Deadlock and Unlocked Folio Vulnerability”

    July 10, 2025

    CVE ID : CVE-2025-38338

    Published : July 10, 2025, 9:15 a.m.

    Description : In the Linux kernel, the following vulnerability has been resolved:

    fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()

    Sometimes, when a file was read while it was being truncated by
    another NFS client, the kernel could deadlock because folio_unlock()
    was called twice, and the second call would XOR back the `PG_locked`
    flag.

    Most of the time (depending on the timing of the truncation), nobody
    notices the problem because folio_unlock() gets called three times,
    which flips `PG_locked` back off:

    1. vfs_read, nfs_read_folio, … nfs_read_add_folio,
    nfs_return_empty_folio
    2. vfs_read, nfs_read_folio, … netfs_read_collection,
    netfs_unlock_abandoned_read_pages
    3. vfs_read, … nfs_do_read_folio, nfs_read_add_folio,
    nfs_return_empty_folio

    The problem is that nfs_read_add_folio() is not supposed to unlock the
    folio if fscache is enabled, and a nfs_netfs_folio_unlock() check is
    missing in nfs_return_empty_folio().

    Rarely this leads to a warning in netfs_read_collection():

    ------------[ cut here ]------------
    R=0000031c: folio 10 is not locked
    WARNING: CPU: 0 PID: 29 at fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00
    [...]
    Workqueue: events_unbound netfs_read_collection_worker
    RIP: 0010:netfs_read_collection+0x7c0/0xf00
    [...]
    Call Trace:

    netfs_read_collection_worker+0x67/0x80
    process_one_work+0x12e/0x2c0
    worker_thread+0x295/0x3a0

    Most of the time, however, processes just get stuck forever in
    folio_wait_bit_common(), waiting for `PG_locked` to disappear, which
    never happens because nobody is really holding the folio lock.

    Severity: 0.0 | NA
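
The toggle behaviour in the description (two unlocks leave `PG_locked` set, three clear it again) can be reproduced in a small userspace model. This is an added example, not kernel code and not the upstream patch; the `model_*` names and the single-bit flag are assumptions made for illustration, and the order of the unlock calls is simplified because XOR is order-independent.

```c
#include <stdbool.h>
#include <stdio.h>

#define PG_LOCKED 0x1u              /* constructed: one bit stands in for the flag */

struct model_folio { unsigned flags; };

static void model_lock(struct model_folio *f)   { f->flags |= PG_LOCKED; }
/* Unlock XORs the bit, so it is only correct when the caller holds the lock. */
static void model_unlock(struct model_folio *f) { f->flags ^= PG_LOCKED; }
static bool model_locked(const struct model_folio *f)
{
    return (f->flags & PG_LOCKED) != 0;
}

/* Stand-in for the nfs_netfs_folio_unlock() check named in the description:
 * with fscache enabled, the netfs side owns the unlock, not the NFS read path. */
static bool model_nfs_owns_unlock(bool fscache) { return !fscache; }

/* Empty-folio return path; 'fixed' selects whether the ownership check runs. */
static void model_return_empty_folio(struct model_folio *f, bool fscache, bool fixed)
{
    if (!fixed || model_nfs_owns_unlock(fscache))
        model_unlock(f);
}

/* One read with fscache enabled: 'nfs_calls' passes through the empty-folio
 * path plus the single legitimate unlock by netfs. Returns the final state of
 * PG_locked; true means waiters would block forever on a lock nobody holds. */
bool model_read(int nfs_calls, bool fixed)
{
    struct model_folio f = { 0 };

    model_lock(&f);
    for (int i = 0; i < nfs_calls; i++)
        model_return_empty_folio(&f, true, fixed);
    model_unlock(&f);               /* netfs collection unlocks the folio */
    return model_locked(&f);
}

int main(void)
{
    printf("buggy, 2 unlocks total: stuck=%d\n", model_read(1, false));
    printf("buggy, 3 unlocks total: stuck=%d\n", model_read(2, false));
    printf("fixed, 1 NFS pass:      stuck=%d\n", model_read(1, true));
    printf("fixed, 2 NFS passes:    stuck=%d\n", model_read(2, true));
    return 0;
}
```

The three-unlock case ending in a clean state is why the bug usually goes unnoticed: the flag is corrected by accident, not by correct lock ownership.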
