CVE-2025-68349
Unknown Unknown - Not Provided
Null Pointer Dereference in Linux Kernel NFSv4 Causes Crash

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs_set_layoutcommit relies on the lseg refcount to keep the layout around. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt to reference a null layout.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68349
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's NFSv4/pNFS subsystem involves improper handling of the NFS_INO_LAYOUTCOMMIT flag in the function pnfs_mark_layout_stateid_invalid. Specifically, if the layout is null during certain operations (such as write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode), the system may attempt to reference a null layout because the NFS_INO_LAYOUTCOMMIT flag was not cleared properly. This can lead to a crash. The fix involves clearing the NFS_INO_LAYOUTCOMMIT flag to prevent referencing a null layout.

Impact Analysis

This vulnerability can cause the Linux kernel to crash during NFSv4/pNFS operations when the layout is null but still referenced due to the uncleared NFS_INO_LAYOUTCOMMIT flag. Such crashes can lead to system instability, potential denial of service, and disruption of file system operations relying on NFSv4/pNFS.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68349. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart