CVE-2025-68243

Summary

In the Linux kernel, the following vulnerability has been resolved:

NFS: Check the TLS certificate fields in nfs_match_client()

If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the client's identity, as presented to the server.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux90c9550a8d65fb9b1bf87baf97a04ed91bf61b33 < b8fa37219074811c04d4ecb742c73e2b296da6a8affected
LinuxLinux90c9550a8d65fb9b1bf87baf97a04ed91bf61b33 < fb2cba0854a7f315c8100a807a6959b99d72479eaffected
LinuxLinux6.17affected
LinuxLinux0 < 6.17unaffected
LinuxLinux6.17.9 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References