NFSv4 Client Vulnerability in Linux Kernel Affects NFSD Functionality
CVE-2025-40326

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-40326?

A vulnerability in the NFSD component of the Linux kernel affects how NFSv4 clients handle certain GETATTR requests for new FATTR4 attributes. When clients attempt to query these attributes improperly, the server does not have a defined response, leading to potential failures in request handling. This issue adheres to the stipulations outlined in RFCs, which state that the server must return an appropriate error when unsupported attributes are requested. The failure to manage these requests correctly can cause significant disruptions in NFS operations.

Affected Version(s)

Linux 51c0d4f7e317d3cb4a3001e502bd8ca2d57f2a4b

Linux 51c0d4f7e317d3cb4a3001e502bd8ca2d57f2a4b < 4f76435fd517981f01608678c06ad9718a86ee98

Linux 6.14

References

https://git.kernel.org/stable/c/d8f3f94dc950e7c62c96af432...

https://git.kernel.org/stable/c/4f76435fd517981f01608678c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Apr 16, 2025

JSON