Linux Kernel NFSv4 Compound Request Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's NFS server implementation can lead to undefined behavior when processing certain requests. Specifically, the function nfsd4_spo_must_allow() must verify that the request is a version 4 compound request. The vulnerability arises because, without this check, examining the request's state could produce unpredictable results.
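The check described above, shown as a userspace C model. This is an added example, not kernel code: the `request`, `proc_kind` and `compound_state` types, the procedure names and both function names are hypothetical stand-ins for the NFS server's request and compound state.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace model of the pattern; not kernel code. */
enum proc_kind { PROC_V3_GETATTR, PROC_V4_NULL, PROC_V4_COMPOUND };

/* State that exists only while a v4 COMPOUND is being processed. */
struct compound_state { bool must_allow; };

struct request {
    enum proc_kind proc; /* procedure the request was dispatched to */
    void *resp;          /* result buffer; its layout depends on proc */
};

/* Before: assumes every request carries compound state. For any other
 * procedure, resp is NULL or a different type, so this read is undefined. */
bool spo_must_allow_unchecked(const struct request *rq)
{
    const struct compound_state *cs = rq->resp;
    return cs->must_allow;
}

/* After: confirm the request is a v4 compound before touching its state. */
bool spo_must_allow_checked(const struct request *rq)
{
    if (rq == NULL || rq->proc != PROC_V4_COMPOUND || rq->resp == NULL)
        return false;
    const struct compound_state *cs = rq->resp;
    return cs->must_allow;
}

int main(void)
{
    /* Constructed sample requests. */
    struct compound_state allow = { true };
    unsigned char v3_buf[4] = { 1, 1, 1, 1 }; /* not a compound_state */
    struct request compound = { PROC_V4_COMPOUND, &allow };
    struct request v3 = { PROC_V3_GETATTR, v3_buf };
    struct request null_proc = { PROC_V4_NULL, NULL };

    /* Only the checked variant is safe to call on every request kind. */
    printf("compound=%d v3=%d null=%d\n",
           spo_must_allow_checked(&compound),
           spo_must_allow_checked(&v3),
           spo_must_allow_checked(&null_proc));
    return 0;
}
```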

Impact

Exploiting this vulnerability could cause undefined behavior in the NFS server, potentially leading to incorrect handling of requests or other unforeseen issues.

Added: Jul 25, 2025, 4:14 PM
Updated: Jul 25, 2025, 4:14 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 5.3
remediation: 0.0
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.