ghsa-3c64-vv99-p2qr
Vulnerability from github
Published: 2025-12-08 03:31
Modified: 2025-12-08 03:31
Details

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Define actions for the new time_deleg FATTR4 attributes

NFSv4 clients won't send legitimate GETATTR requests for these new attributes because they are intended to be used only with CB_GETATTR and SETATTR. But NFSD has to do something besides crashing if it ever sees a GETATTR request that queries these attributes.

RFC 8881 Section 18.7.3 states:

> The server MUST return a value for each attribute that the client requests if the attribute is supported by the server for the target file system. If the server does not support a particular attribute on the target file system, then it MUST NOT return the attribute value and MUST NOT set the attribute bit in the result bitmap. The server MUST return an error if it supports an attribute on the target but cannot obtain its value. In that case, no attribute values will be returned.

Further, RFC 9754 Section 5 states:

> These new attributes are invalid to be used with GETATTR, VERIFY, and NVERIFY, and they can only be used with CB_GETATTR and SETATTR by a client holding an appropriate delegation.

Thus there does not appear to be a specific server response mandated by specification. Taking the guidance that querying these attributes via GETATTR is "invalid", NFSD will return nfserr_inval, failing the request entirely.
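The decision described above, modeled as a standalone bitmap check. This is an added example, not NFSD's code or the upstream patch; `bm_test` and `getattr_check` are hypothetical names, the attribute numbers 84 and 85 are the RFC 9754 assignments, and `NFS4ERR_INVAL` (22) is the RFC 8881 value.

```c
#include <stdint.h>
#include <string.h>

/* Attribute numbers from RFC 9754; status codes from RFC 8881. */
#define FATTR4_TIME_DELEG_ACCESS 84
#define FATTR4_TIME_DELEG_MODIFY 85
#define NFS4_OK        0
#define NFS4ERR_INVAL 22
#define BM_WORDS       3   /* 32-bit words in the attribute bitmap */

/* Hypothetical helper: is attribute number n set in bitmap bm? */
static int bm_test(const uint32_t *bm, unsigned n)
{
    return (bm[n / 32] >> (n % 32)) & 1u;
}

/*
 * Model of a GETATTR bitmap check (illustrative, not the kernel function).
 * requested: bitmap sent by the client
 * supported: attributes available on the target file system
 * result:    bitmap of attributes that would be encoded in the reply
 */
static int getattr_check(const uint32_t requested[BM_WORDS],
                         const uint32_t supported[BM_WORDS],
                         uint32_t result[BM_WORDS])
{
    memset(result, 0, BM_WORDS * sizeof(result[0]));

    /* RFC 9754 s5: invalid with GETATTR, so fail the request entirely
     * and return no attribute values, even if SETATTR supports them. */
    if (bm_test(requested, FATTR4_TIME_DELEG_ACCESS) ||
        bm_test(requested, FATTR4_TIME_DELEG_MODIFY))
        return NFS4ERR_INVAL;

    /* RFC 8881 s18.7.3: unsupported attributes get no value and
     * their bits are not set in the result bitmap. */
    for (int i = 0; i < BM_WORDS; i++)
        result[i] = requested[i] & supported[i];
    return NFS4_OK;
}

int main(void)
{
    /* Constructed sample: export supports attrs 1,3,4; client asks 1,3,9,84. */
    uint32_t sup[BM_WORDS] = { 0x1a, 0, 0 };
    uint32_t req[BM_WORDS] = { 0x20a, 0, 1u << 20 };
    uint32_t res[BM_WORDS];
    return getattr_check(req, sup, res) == NFS4ERR_INVAL ? 0 : 1;
}
```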



{
  "affected": [],
  "aliases": [
    "CVE-2025-40326"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-08T01:16:05Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define actions for the new time_deleg FATTR4 attributes\n\nNFSv4 clients won\u0027t send legitimate GETATTR requests for these new\nattributes because they are intended to be used only with CB_GETATTR\nand SETATTR. But NFSD has to do something besides crashing if it\never sees a GETATTR request that queries these attributes.\n\nRFC 8881 Section 18.7.3 states:\n\n\u003e The server MUST return a value for each attribute that the client\n\u003e requests if the attribute is supported by the server for the\n\u003e target file system. If the server does not support a particular\n\u003e attribute on the target file system, then it MUST NOT return the\n\u003e attribute value and MUST NOT set the attribute bit in the result\n\u003e bitmap. The server MUST return an error if it supports an\n\u003e attribute on the target but cannot obtain its value. In that case,\n\u003e no attribute values will be returned.\n\nFurther, RFC 9754 Section 5 states:\n\n\u003e These new attributes are invalid to be used with GETATTR, VERIFY,\n\u003e and NVERIFY, and they can only be used with CB_GETATTR and SETATTR\n\u003e by a client holding an appropriate delegation.\n\nThus there does not appear to be a specific server response mandated\nby specification. Taking the guidance that querying these attributes\nvia GETATTR is \"invalid\", NFSD will return nfserr_inval, failing the\nrequest entirely.",
  "id": "GHSA-3c64-vv99-p2qr",
  "modified": "2025-12-08T03:31:02Z",
  "published": "2025-12-08T03:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40326"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f76435fd517981f01608678c06ad9718a86ee98"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d8f3f94dc950e7c62c96af432c26745885b0a18a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

