Back to search
CVE-2025-38430
Published: Jul 25, 2025
Modified: May 12, 2026
PUBLISHED
Description
In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedure being executed (rq_procinfo) is the NFSPROC4_COMPOUND procedure.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected ed94164398c935a42be7b129a478eb19c598b68a - < bf78a2706ce975981eb5167f2d3b609eb5d24c19affected ed94164398c935a42be7b129a478eb19c598b68a - < b1d0323a09a29f81572c7391e0d80d78724729c9affected ed94164398c935a42be7b129a478eb19c598b68a - < 425efc6b3292a3c79bfee4a1661cf043dcd9cf2faffected ed94164398c935a42be7b129a478eb19c598b68a - < 64a723b0281ecaa59d31aad73ef8e408a84cb603affected ed94164398c935a42be7b129a478eb19c598b68a - < e7e943ddd1c6731812357a28e7954ade3a7d8517+3 more versions |
Linux | Linux | affected 4.8unaffected 0 - < 4.8unaffected 5.4.295 - <= 5.4.*unaffected 5.10.239 - <= 5.10.*unaffected 5.15.186 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now