
CVE-2025-38430

In the Linux kernel, the following vulnerability has been resolved:

nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request

If the request being processed is not a v4 compound request, then
examining the cstate can have undefined results.

This patch adds a check that the rpc procedure being executed
(rq_procinfo) is the NFSPROC4_COMPOUND procedure.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default Status: unaffected
Version <  Version  Status
bf78a2706ce975981eb5167f2d3b609eb5d24c19  1da177e4c3f41524e886b7f1b8a0c1fc7321cac2  affected
b1d0323a09a29f81572c7391e0d80d78724729c9  1da177e4c3f41524e886b7f1b8a0c1fc7321cac2  affected
425efc6b3292a3c79bfee4a1661cf043dcd9cf2f  1da177e4c3f41524e886b7f1b8a0c1fc7321cac2  affected
64a723b0281ecaa59d31aad73ef8e408a84cb603  1da177e4c3f41524e886b7f1b8a0c1fc7321cac2  affected
e7e943ddd1c6731812357a28e7954ade3a7d8517  1da177e4c3f41524e886b7f1b8a0c1fc7321cac2  affected
7a75a956692aa64211a9e95781af1ec461642de4  1da177e4c3f41524e886b7f1b8a0c1fc7321cac2  affected
2c54bd5a380ebf646fb9efbc4ae782ff3a83a5af  1da177e4c3f41524e886b7f1b8a0c1fc7321cac2  affected
1244f0b2c3cecd3f349a877006e67c9492b41807  1da177e4c3f41524e886b7f1b8a0c1fc7321cac2  affected

Vendor: Linux
Product: Linux
Default Status: affected
Version <=  Version  Status
5.4.*  5.4.295  unaffected
5.10.*  5.10.239  unaffected
5.15.*  5.15.186  unaffected
6.1.*  6.1.142  unaffected
6.6.*  6.6.95  unaffected
6.12.*  6.12.35  unaffected
6.15.*  6.15.4  unaffected
*  6.16  unaffected

No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.103
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string