NFSv4 COMPOUND Processing Issue in Linux Kernel Affects Memory Management
CVE-2025-40210

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-40210?

A vulnerability has been identified in the Linux Kernel affecting NFSv4 COMPOUND processing. This issue arises when an attacker is able to exploit the op count within the COMPOUND header. By crafting a specially designed request, the attacker can trigger the system to allocate an excessively large operation array. This leads to significant resource allocation issues, potentially causing system instability or a complete failure of the NFS daemon (nfsd). Mitigation steps involve re-establishing an operational limit for the number of commands in a COMPOUND request to prevent excessive memory allocations.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3e7f011c255582d7c914133785bbba1990441713

Linux 6.17.8 <= 6.17.*

References

https://git.kernel.org/stable/c/b3ee7ce432289deac87b9d14e...

https://git.kernel.org/stable/c/3e7f011c255582d7c91413378...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Apr 16, 2025

JSON