Home

Description

In the Linux kernel, the following vulnerability has been resolved: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang indefinitely. I've dug into it a little, but I haven't been able to root-cause it yet. However, I bisected to commit 48aab1606fa8 ("NFSD: Remove the cap on number of operations per NFSv4 COMPOUND"). Tianshuo Han also reports a potential vulnerability when decoding an NFSv4 COMPOUND. An attacker can place an arbitrarily large op count in the COMPOUND header, which results in: [ 51.410584] nfsd: vmalloc error: size 1209533382144, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 when NFSD attempts to allocate the COMPOUND op array. Let's restore the operation-per-COMPOUND limit, but increased to 200 for now.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-21 | Updated 2026-01-02 | Assigner Linux

Product status

Default status
unaffected

48aab1606fa80027143a445224f552b4eeea845b (git) before b3ee7ce432289deac87b9d14e01f2fe6958f7f0b
affected

48aab1606fa80027143a445224f552b4eeea845b (git) before 3e7f011c255582d7c914133785bbba1990441713
affected

Default status
affected

6.17
affected

Any version before 6.17
unaffected

6.17.8 (semver)
unaffected

6.18 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/b3ee7ce432289deac87b9d14e01f2fe6958f7f0b

git.kernel.org/...c/3e7f011c255582d7c914133785bbba1990441713

cve.org (CVE-2025-40210)

nvd.nist.gov (CVE-2025-40210)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.