Описание
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
The function needs to check the minimal filehandle length before it can
access the embedded filehandle.
A flaw out of boundary read in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system.
Отчет
A flaw was found in the NFS server implementation where nfs_fh_to_dentry() failed to properly validate the minimal filehandle length before accessing the embedded structure. An attacker with access to an exported NFS share could send a crafted filehandle, leading to out-of-bounds memory access and a potential kernel crash. This issue results in a remote denial of service against the NFS server. This flaw is limited to a missing bounds check in nfs_fh_to_dentry(), which causes an out-of-bounds read and a kernel crash.
Меры по смягчению последствий
To mitigate this issue, prevent module nfs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 10 | kernel | Fixed | RHSA-2025:19106 | 27.10.2025 |
| Red Hat Enterprise Linux 10 | kernel | Fixed | RHSA-2025:21931 | 24.11.2025 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2025:17398 | 06.10.2025 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2025:17397 | 06.10.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | kernel | Fixed | RHSA-2025:21667 | 18.11.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | kernel | Fixed | RHSA-2025:22752 | 04.12.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
In the Linux kernel, the following vulnerability has been resolved: N ...
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.
EPSS
7.5 High
CVSS3