CVE-2025-38430

Summary

In the Linux kernel, the following vulnerability has been resolved:

nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request

If the request being processed is not a v4 compound request, then examining the cstate can have undefined results.

This patch adds a check that the rpc procedure being executed (rq_procinfo) is the NFSPROC4_COMPOUND procedure.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxed94164398c935a42be7b129a478eb19c598b68a < bf78a2706ce975981eb5167f2d3b609eb5d24c19affected
LinuxLinuxed94164398c935a42be7b129a478eb19c598b68a < b1d0323a09a29f81572c7391e0d80d78724729c9affected
LinuxLinuxed94164398c935a42be7b129a478eb19c598b68a < 425efc6b3292a3c79bfee4a1661cf043dcd9cf2faffected
LinuxLinuxed94164398c935a42be7b129a478eb19c598b68a < 64a723b0281ecaa59d31aad73ef8e408a84cb603affected
LinuxLinuxed94164398c935a42be7b129a478eb19c598b68a < e7e943ddd1c6731812357a28e7954ade3a7d8517affected
LinuxLinuxed94164398c935a42be7b129a478eb19c598b68a < 7a75a956692aa64211a9e95781af1ec461642de4affected
LinuxLinuxed94164398c935a42be7b129a478eb19c598b68a < 2c54bd5a380ebf646fb9efbc4ae782ff3a83a5afaffected
LinuxLinuxed94164398c935a42be7b129a478eb19c598b68a < 1244f0b2c3cecd3f349a877006e67c9492b41807affected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux5.4.295 <= 5.4.*unaffected
LinuxLinux5.10.239 <= 5.10.*unaffected
LinuxLinux5.15.186 <= 5.15.*unaffected
LinuxLinux6.1.142 <= 6.1.*unaffected
LinuxLinux6.6.95 <= 6.6.*unaffected
LinuxLinux6.12.35 <= 6.12.*unaffected
LinuxLinux6.15.4 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References