Linux Kernel Vulnerability in NFS Procedure Handling
CVE-2025-38430

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38430?

In the Linux kernel, a vulnerability arises during the processing of NFS requests of type v4 compound. If the request is not properly handled, it may lead to undefined behavior when checking the state. This issue has been mitigated by a patch that ensures checks are performed specifically for the NFSPROC4_COMPOUND procedure, thereby enhancing the security and reliability of NFS operations in the kernel.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 425efc6b3292a3c79bfee4a1661cf043dcd9cf2f

References

https://git.kernel.org/stable/c/bf78a2706ce975981eb5167f2...

https://git.kernel.org/stable/c/b1d0323a09a29f81572c7391e...

https://git.kernel.org/stable/c/425efc6b3292a3c79bfee4a16...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025