Filehandle Bounds Checking Vulnerability in Linux Kernel NFS
CVE-2025-39730
What is CVE-2025-39730?
A vulnerability exists in the NFS implementation of the Linux kernel that affects filehandle bounds checking. Specifically, the function nfs_fh_to_dentry() fails to validate the minimum length of the filehandle before it accesses the filehandle's embedded content. This oversight can lead to information disclosure or, in some scenarios, could be leveraged for more critical exploits. Developers and system administrators should apply the latest patches to mitigate the risks associated with this issue.
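The missing minimum-length check described above, shown on a simplified model as an added example (this is not the kernel's nfs_fh_to_dentry() code or the upstream fix). The struct names, field layout and sizes are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model (assumption): not the kernel's struct nfs_fh or its layout. */
#define DEMO_FH_MAX 128

struct demo_fh {
    uint16_t size;                 /* bytes of data[] the sender actually supplied */
    uint8_t  data[DEMO_FH_MAX];    /* may hold stale bytes past 'size' */
};

struct demo_embedded {             /* hypothetical fixed header at data[0] */
    uint32_t fileid_lo, fileid_hi, type;
};

/* Missing lower bound: trusts that the embedded header is fully present. */
int decode_unchecked(const struct demo_fh *fh, struct demo_embedded *out)
{
    memcpy(out, fh->data, sizeof(*out));   /* may copy bytes the sender never set */
    return 0;
}

/* Validates both bounds before touching the embedded header. */
int decode_checked(const struct demo_fh *fh, struct demo_embedded *out)
{
    if (fh->size > DEMO_FH_MAX)            /* upper bound: fits the buffer */
        return -1;
    if (fh->size < sizeof(*out))           /* lower bound: header fully present */
        return -1;
    memcpy(out, fh->data, sizeof(*out));
    return 0;
}

/* Constructed input: a 4-byte handle sitting in a buffer of stale 0xAA bytes. */
struct demo_fh make_short_fh(void)
{
    struct demo_fh fh;
    memset(fh.data, 0xAA, sizeof(fh.data));
    fh.size = 4;
    memset(fh.data, 0x01, fh.size);
    return fh;
}

int main(void)
{
    struct demo_fh fh = make_short_fh();
    struct demo_embedded e = {0};
    decode_unchecked(&fh, &e);             /* e.type now holds stale 0xAAAAAAAA */
    return decode_checked(&fh, &e) == -1 ? 0 : 1;
}
```

In the model, the unchecked decoder returns bytes that were never part of the handle, which is the information-disclosure shape the description refers to; the checked decoder rejects the short handle before reading anything.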
Affected Version(s)
Linux 20fa19027286983ab2734b5910c4a687436e0c31 < 7f8eca87fef7519e9c41f3258f25ebc2752247ee
Linux 20fa19027286983ab2734b5910c4a687436e0c31
Linux 20fa19027286983ab2734b5910c4a687436e0c31 < 3570ef5c31314c13274c935a20b91768ab5bf412