CVE-2025-40210

EPSS 0.03%
Veröffentlicht 21.11.2025 10:21:35
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND"

In the Linux kernel, the following vulnerability has been resolved:

Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND"

I've found that pynfs COMP6 now leaves the connection or lease in a
strange state, which causes CLOSE9 to hang indefinitely. I've dug
into it a little, but I haven't been able to root-cause it yet.
However, I bisected to commit 48aab1606fa8 ("NFSD: Remove the cap on
number of operations per NFSv4 COMPOUND").

Tianshuo Han also reports a potential vulnerability when decoding
an NFSv4 COMPOUND. An attacker can place an arbitrarily large op
count in the COMPOUND header, which results in:

[   51.410584] nfsd: vmalloc error: size 1209533382144, exceeds total
pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO),
nodemask=(null),cpuset=/,mems_allowed=0

when NFSD attempts to allocate the COMPOUND op array.

Let's restore the operation-per-COMPOUND limit, but increased to 200
for now.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 5

CNA 2 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 48aab1606fa80027143a445224f552b4eeea845b

Version < b3ee7ce432289deac87b9d14e01f2fe6958f7f0b

Status affected

Version 48aab1606fa80027143a445224f552b4eeea845b

Version < 3e7f011c255582d7c914133785bbba1990441713

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.17

Status affected

Version 0

Version < 6.17

Status unaffected

Version <= 6.17.*

Version 6.17.8

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.073

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/b3ee7ce432289deac87b9d14e01f2fe6958f7f0b

https://git.kernel.org/stable/c/3e7f011c255582d7c914133785bbba1990441713

https://nvd.nist.gov/vuln/detail/CVE-2025-40210

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40210

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40210

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40210