Main Vulnerability Database SB20251216199

SB20251216199 - Improper privilege management in Linux kernel nfs

Published: December 16, 2025

Security Bulletin ID SB20251216199

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper privilege management (CVE-ID: CVE-2025-68242)

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the nfs_setattr() function in fs/nfs/inode.c. A local user can read and manipulate data.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/0e9be902041c6b9f0ed4b72764187eed1067a42f
https://git.kernel.org/stable/c/b2e4cda71ed062c87573b016d2d956a62f4258ed
https://git.kernel.org/stable/c/b623390045a81fc559decb9bfeb79319721d3dfb