CVE-2025-39730
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
The function needs to check the minimal filehandle length before it can access the embedded filehandle.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 20fa19027286983ab2734b5910c4a687436e0c31 < 7f8eca87fef7519e9c41f3258f25ebc2752247ee | affected |
| Linux | Linux | 20fa19027286983ab2734b5910c4a687436e0c31 < cb09afa0948d96b1e385d609ed044bb1aa043536 | affected |
| Linux | Linux | 20fa19027286983ab2734b5910c4a687436e0c31 < 3570ef5c31314c13274c935a20b91768ab5bf412 | affected |
| Linux | Linux | 20fa19027286983ab2734b5910c4a687436e0c31 < 763810bb883cb4de412a72f338d80947d97df67b | affected |
| Linux | Linux | 20fa19027286983ab2734b5910c4a687436e0c31 < 12ad3def2e5e0b120e3d0cb6ce8b7b796819ad40 | affected |
| Linux | Linux | 20fa19027286983ab2734b5910c4a687436e0c31 < 2ad40b7992aa26bc631afc1a995b0e3ddc30de3f | affected |
| Linux | Linux | 20fa19027286983ab2734b5910c4a687436e0c31 < b7f7866932466332a2528fda099000b035303485 | affected |
| Linux | Linux | 20fa19027286983ab2734b5910c4a687436e0c31 < 7dd36f7477d1e03a1fcf8d13531ca326c4fb599f | affected |
| Linux | Linux | 20fa19027286983ab2734b5910c4a687436e0c31 < ef93a685e01a281b5e2a25ce4e3428cf9371a205 | affected |
| Linux | Linux | 4.13 | affected |
| Linux | Linux | 0 < 4.13 | unaffected |
| Linux | Linux | 5.4.297 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.241 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.190 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.148 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.102 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.42 <= 6.12.* | unaffected |
| Linux | Linux | 6.15.10 <= 6.15.* | unaffected |
| Linux | Linux | 6.16.1 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://git.kernel.org/stable/c/7f8eca87fef7519e9c41f3258f25ebc2752247ee
- https://git.kernel.org/stable/c/cb09afa0948d96b1e385d609ed044bb1aa043536
- https://git.kernel.org/stable/c/3570ef5c31314c13274c935a20b91768ab5bf412
- https://git.kernel.org/stable/c/763810bb883cb4de412a72f338d80947d97df67b
- https://git.kernel.org/stable/c/12ad3def2e5e0b120e3d0cb6ce8b7b796819ad40
- https://git.kernel.org/stable/c/2ad40b7992aa26bc631afc1a995b0e3ddc30de3f
- https://git.kernel.org/stable/c/b7f7866932466332a2528fda099000b035303485
- https://git.kernel.org/stable/c/7dd36f7477d1e03a1fcf8d13531ca326c4fb599f
- https://git.kernel.org/stable/c/ef93a685e01a281b5e2a25ce4e3428cf9371a205
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.