Linux Kernel NFSv4/pNFS Layout Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's NFSv4/pNFS implementation has been addressed. The issue arose because the layout management function 'pnfs_mark_layout_stateid_invalid' did not properly clear the 'NFS_INO_LAYOUTCOMMIT' flag, leading to a potential crash when the layout reference was null. This vulnerability affects the stable versions of the Linux kernel.

Impact

The vulnerability could cause a system crash when the system attempts to reference a null layout, disrupting the NFSv4/pNFS layout management process.

Reproduction

To reproduce this vulnerability, trigger a scenario where the NFSv4/pNFS layout management function 'pnfs_mark_layout_stateid_invalid' is called with a null layout reference. This can occur during normal NFSv4/pNFS operations if the layout management state is not properly maintained, leading to a crash when the system attempts to process the invalid layout reference.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed.

Added: Dec 24, 2025, 12:23 PM
Updated: Dec 24, 2025, 12:23 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.