CVE-2025-68185
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves insufficient locking when dereferencing the d_parent->d_inode pointer in the nfs4_setup_readdir() function. It is theoretically a race condition that could cause a kernel oops (crash), but it is unlikely to be triggered on real hardware and might only be possible in virtualized environments like KVM. The fix involves adding proper locking around the call to put_unaligned_be64() to prevent this race condition.
How can this vulnerability impact me?
If exploited, this vulnerability could cause a kernel oops (crash) due to a race condition in the Linux kernel's NFS code. However, it is considered difficult to trigger on real hardware, so the practical impact is low. In virtualized environments such as KVM, it might be more feasible to exploit, potentially leading to system instability or denial of service.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the fixed Linux kernel version that addresses the insufficient locking in nfs4_setup_readdir(). Since the vulnerability is related to kernel code, updating the kernel is the recommended mitigation.