SB20250727110 - Input validation error in Linux kernel nfsd
Published: July 27, 2025
Security Bulletin ID
SB20250727110
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2025-38430)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_spo_must_allow() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1244f0b2c3cecd3f349a877006e67c9492b41807
- https://git.kernel.org/stable/c/2c54bd5a380ebf646fb9efbc4ae782ff3a83a5af
- https://git.kernel.org/stable/c/425efc6b3292a3c79bfee4a1661cf043dcd9cf2f
- https://git.kernel.org/stable/c/64a723b0281ecaa59d31aad73ef8e408a84cb603
- https://git.kernel.org/stable/c/7a75a956692aa64211a9e95781af1ec461642de4
- https://git.kernel.org/stable/c/b1d0323a09a29f81572c7391e0d80d78724729c9
- https://git.kernel.org/stable/c/bf78a2706ce975981eb5167f2d3b609eb5d24c19
- https://git.kernel.org/stable/c/e7e943ddd1c6731812357a28e7954ade3a7d8517