Vulnerability-Lookup

alsa-2025:17398

Vulnerability from osv_almalinux

Published

2025-10-06 00:00

Modified

2025-10-08 10:05

Summary

Moderate: kernel-rt security update

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)
kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.78.1.rt7.419.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.78.1.rt7.419.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.78.1.rt7.419.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.78.1.rt7.419.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.78.1.rt7.419.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.78.1.rt7.419.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.78.1.rt7.419.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.78.1.rt7.419.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.78.1.rt7.419.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.78.1.rt7.419.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.  \n\nSecurity Fix(es):  \n\n  * kernel: smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)\n  * kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:17398",
  "modified": "2025-10-08T10:05:33Z",
  "published": "2025-10-06T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:17398"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-38527"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-39730"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2388928"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2393731"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-17398.html"
    }
  ],
  "related": [
    "CVE-2025-38527",
    "CVE-2025-39730"
  ],
  "summary": "Moderate: kernel-rt security update"
}

CVE-2025-38527 (GCVE-0-2025-38527)

Vulnerability from cvelistv5 – Published: 2025-08-16 11:12 – Updated: 2025-11-03 17:39

Title

smb: client: fix use-after-free in cifs_oplock_break

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free of the cinode structure when unmounting: cifs_oplock_break() _cifsFileInfo_put(cfile) cifsFileInfo_put_final() cifs_sb_deactive() [last ref, start releasing sb] kill_sb() kill_anon_super() generic_shutdown_super() evict_inodes() dispose_list() evict() destroy_inode() call_rcu(&inode->i_rcu, i_callback) spin_lock(&cinode->open_file_lock) <- OK [later] i_callback() cifs_free_inode() kmem_cache_free(cinode) spin_unlock(&cinode->open_file_lock) <- UAF cifs_done_oplock_break(cinode) <- UAF The issue occurs when umount has already released its reference to the superblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this releases the last reference, triggering the immediate cleanup of all inodes under RCU. However, cifs_oplock_break() continues to access the cinode after this point, resulting in use-after-free. Fix this by holding an extra reference to the superblock during the entire oplock break operation. This ensures that the superblock and its inodes remain valid until the oplock break completes.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4256a483fe58af66a…
	https://git.kernel.org/stable/c/0a4eec84d4d2c4085…
	https://git.kernel.org/stable/c/2baaf5bbab2ac474c…
	https://git.kernel.org/stable/c/09bce2138a30ef10d…
	https://git.kernel.org/stable/c/da11bd4b697b393a2…
	https://git.kernel.org/stable/c/705c79101ccf9edea…

Impacted products

Vendor

Product

Version

Linux

Affected: b98749cac4a695f084a5ff076f4510b23e353ecd , < 4256a483fe58af66a46cbf3dc48ff26e580d3308 (git)
Affected: b98749cac4a695f084a5ff076f4510b23e353ecd , < 0a4eec84d4d2c4085d4ed8630fd74e4b39033c1b (git)
Affected: b98749cac4a695f084a5ff076f4510b23e353ecd , < 2baaf5bbab2ac474c4f92c10fcb3310f824db995 (git)
Affected: b98749cac4a695f084a5ff076f4510b23e353ecd , < 09bce2138a30ef10d8821c8c3f73a4ab7a5726bc (git)
Affected: b98749cac4a695f084a5ff076f4510b23e353ecd , < da11bd4b697b393a207f19a2ed7d382a811a3ddc (git)
Affected: b98749cac4a695f084a5ff076f4510b23e353ecd , < 705c79101ccf9edea5a00d761491a03ced314210 (git)
Affected: 2429fcf06d3cb962693868ab0a927c9038f12a2d (git)
Affected: 1ee4f2d7cdcd4508cc3cbe3b2622d7177b89da12 (git)
Affected: 53fc31a4853e30d6e8f142b824f724da27ff3e40 (git)
Affected: 8092ecc306d81186a64cda42411121f4d35aaff4 (git)
Affected: ebac4d0adf68f8962bd82fcf483936edd6ec095b (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.15.190 , ≤ 5.15.* (semver)
Unaffected: 6.1.147 , ≤ 6.1.* (semver)
Unaffected: 6.6.100 , ≤ 6.6.* (semver)
Unaffected: 6.12.40 , ≤ 6.12.* (semver)
Unaffected: 6.15.8 , ≤ 6.15.* (semver)
Unaffected: 6.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:39:23.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4256a483fe58af66a46cbf3dc48ff26e580d3308",
              "status": "affected",
              "version": "b98749cac4a695f084a5ff076f4510b23e353ecd",
              "versionType": "git"
            },
            {
              "lessThan": "0a4eec84d4d2c4085d4ed8630fd74e4b39033c1b",
              "status": "affected",
              "version": "b98749cac4a695f084a5ff076f4510b23e353ecd",
              "versionType": "git"
            },
            {
              "lessThan": "2baaf5bbab2ac474c4f92c10fcb3310f824db995",
              "status": "affected",
              "version": "b98749cac4a695f084a5ff076f4510b23e353ecd",
              "versionType": "git"
            },
            {
              "lessThan": "09bce2138a30ef10d8821c8c3f73a4ab7a5726bc",
              "status": "affected",
              "version": "b98749cac4a695f084a5ff076f4510b23e353ecd",
              "versionType": "git"
            },
            {
              "lessThan": "da11bd4b697b393a207f19a2ed7d382a811a3ddc",
              "status": "affected",
              "version": "b98749cac4a695f084a5ff076f4510b23e353ecd",
              "versionType": "git"
            },
            {
              "lessThan": "705c79101ccf9edea5a00d761491a03ced314210",
              "status": "affected",
              "version": "b98749cac4a695f084a5ff076f4510b23e353ecd",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2429fcf06d3cb962693868ab0a927c9038f12a2d",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "1ee4f2d7cdcd4508cc3cbe3b2622d7177b89da12",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "53fc31a4853e30d6e8f142b824f724da27ff3e40",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "8092ecc306d81186a64cda42411121f4d35aaff4",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ebac4d0adf68f8962bd82fcf483936edd6ec095b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.147",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.147",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.100",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.40",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.8",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.16.72",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.171",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.114",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.0.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in cifs_oplock_break\n\nA race condition can occur in cifs_oplock_break() leading to a\nuse-after-free of the cinode structure when unmounting:\n\n  cifs_oplock_break()\n    _cifsFileInfo_put(cfile)\n      cifsFileInfo_put_final()\n        cifs_sb_deactive()\n          [last ref, start releasing sb]\n            kill_sb()\n              kill_anon_super()\n                generic_shutdown_super()\n                  evict_inodes()\n                    dispose_list()\n                      evict()\n                        destroy_inode()\n                          call_rcu(\u0026inode-\u003ei_rcu, i_callback)\n    spin_lock(\u0026cinode-\u003eopen_file_lock)  \u003c- OK\n                            [later] i_callback()\n                              cifs_free_inode()\n                                kmem_cache_free(cinode)\n    spin_unlock(\u0026cinode-\u003eopen_file_lock)  \u003c- UAF\n    cifs_done_oplock_break(cinode)       \u003c- UAF\n\nThe issue occurs when umount has already released its reference to the\nsuperblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this\nreleases the last reference, triggering the immediate cleanup of all\ninodes under RCU. However, cifs_oplock_break() continues to access the\ncinode after this point, resulting in use-after-free.\n\nFix this by holding an extra reference to the superblock during the\nentire oplock break operation. This ensures that the superblock and\nits inodes remain valid until the oplock break completes."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T14:43:33.671Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4256a483fe58af66a46cbf3dc48ff26e580d3308"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a4eec84d4d2c4085d4ed8630fd74e4b39033c1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/2baaf5bbab2ac474c4f92c10fcb3310f824db995"
        },
        {
          "url": "https://git.kernel.org/stable/c/09bce2138a30ef10d8821c8c3f73a4ab7a5726bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/da11bd4b697b393a207f19a2ed7d382a811a3ddc"
        },
        {
          "url": "https://git.kernel.org/stable/c/705c79101ccf9edea5a00d761491a03ced314210"
        }
      ],
      "title": "smb: client: fix use-after-free in cifs_oplock_break",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38527",
    "datePublished": "2025-08-16T11:12:20.843Z",
    "dateReserved": "2025-04-16T04:51:24.023Z",
    "dateUpdated": "2025-11-03T17:39:23.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-39730 (GCVE-0-2025-39730)

Vulnerability from cvelistv5 – Published: 2025-09-07 15:16 – Updated: 2025-11-03 17:42

Title

NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()

Summary

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7f8eca87fef7519e9…
	https://git.kernel.org/stable/c/cb09afa0948d96b1e…
	https://git.kernel.org/stable/c/3570ef5c31314c132…
	https://git.kernel.org/stable/c/763810bb883cb4de4…
	https://git.kernel.org/stable/c/12ad3def2e5e0b120…
	https://git.kernel.org/stable/c/2ad40b7992aa26bc6…
	https://git.kernel.org/stable/c/b7f7866932466332a…
	https://git.kernel.org/stable/c/7dd36f7477d1e03a1…
	https://git.kernel.org/stable/c/ef93a685e01a281b5…

Impacted products

Vendor

Product

Version

Linux

Affected: 20fa19027286983ab2734b5910c4a687436e0c31 , < 7f8eca87fef7519e9c41f3258f25ebc2752247ee (git)
Affected: 20fa19027286983ab2734b5910c4a687436e0c31 , < cb09afa0948d96b1e385d609ed044bb1aa043536 (git)
Affected: 20fa19027286983ab2734b5910c4a687436e0c31 , < 3570ef5c31314c13274c935a20b91768ab5bf412 (git)
Affected: 20fa19027286983ab2734b5910c4a687436e0c31 , < 763810bb883cb4de412a72f338d80947d97df67b (git)
Affected: 20fa19027286983ab2734b5910c4a687436e0c31 , < 12ad3def2e5e0b120e3d0cb6ce8b7b796819ad40 (git)
Affected: 20fa19027286983ab2734b5910c4a687436e0c31 , < 2ad40b7992aa26bc631afc1a995b0e3ddc30de3f (git)
Affected: 20fa19027286983ab2734b5910c4a687436e0c31 , < b7f7866932466332a2528fda099000b035303485 (git)
Affected: 20fa19027286983ab2734b5910c4a687436e0c31 , < 7dd36f7477d1e03a1fcf8d13531ca326c4fb599f (git)
Affected: 20fa19027286983ab2734b5910c4a687436e0c31 , < ef93a685e01a281b5e2a25ce4e3428cf9371a205 (git)

Linux

Affected: 4.13
Unaffected: 0 , < 4.13 (semver)
Unaffected: 5.4.297 , ≤ 5.4.* (semver)
Unaffected: 5.10.241 , ≤ 5.10.* (semver)
Unaffected: 5.15.190 , ≤ 5.15.* (semver)
Unaffected: 6.1.148 , ≤ 6.1.* (semver)
Unaffected: 6.6.102 , ≤ 6.6.* (semver)
Unaffected: 6.12.42 , ≤ 6.12.* (semver)
Unaffected: 6.15.10 , ≤ 6.15.* (semver)
Unaffected: 6.16.1 , ≤ 6.16.* (semver)
Unaffected: 6.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:42:48.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/export.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7f8eca87fef7519e9c41f3258f25ebc2752247ee",
              "status": "affected",
              "version": "20fa19027286983ab2734b5910c4a687436e0c31",
              "versionType": "git"
            },
            {
              "lessThan": "cb09afa0948d96b1e385d609ed044bb1aa043536",
              "status": "affected",
              "version": "20fa19027286983ab2734b5910c4a687436e0c31",
              "versionType": "git"
            },
            {
              "lessThan": "3570ef5c31314c13274c935a20b91768ab5bf412",
              "status": "affected",
              "version": "20fa19027286983ab2734b5910c4a687436e0c31",
              "versionType": "git"
            },
            {
              "lessThan": "763810bb883cb4de412a72f338d80947d97df67b",
              "status": "affected",
              "version": "20fa19027286983ab2734b5910c4a687436e0c31",
              "versionType": "git"
            },
            {
              "lessThan": "12ad3def2e5e0b120e3d0cb6ce8b7b796819ad40",
              "status": "affected",
              "version": "20fa19027286983ab2734b5910c4a687436e0c31",
              "versionType": "git"
            },
            {
              "lessThan": "2ad40b7992aa26bc631afc1a995b0e3ddc30de3f",
              "status": "affected",
              "version": "20fa19027286983ab2734b5910c4a687436e0c31",
              "versionType": "git"
            },
            {
              "lessThan": "b7f7866932466332a2528fda099000b035303485",
              "status": "affected",
              "version": "20fa19027286983ab2734b5910c4a687436e0c31",
              "versionType": "git"
            },
            {
              "lessThan": "7dd36f7477d1e03a1fcf8d13531ca326c4fb599f",
              "status": "affected",
              "version": "20fa19027286983ab2734b5910c4a687436e0c31",
              "versionType": "git"
            },
            {
              "lessThan": "ef93a685e01a281b5e2a25ce4e3428cf9371a205",
              "status": "affected",
              "version": "20fa19027286983ab2734b5910c4a687436e0c31",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/export.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "lessThan": "4.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.102",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix filehandle bounds checking in nfs_fh_to_dentry()\n\nThe function needs to check the minimal filehandle length before it can\naccess the embedded filehandle."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:58:15.665Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7f8eca87fef7519e9c41f3258f25ebc2752247ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb09afa0948d96b1e385d609ed044bb1aa043536"
        },
        {
          "url": "https://git.kernel.org/stable/c/3570ef5c31314c13274c935a20b91768ab5bf412"
        },
        {
          "url": "https://git.kernel.org/stable/c/763810bb883cb4de412a72f338d80947d97df67b"
        },
        {
          "url": "https://git.kernel.org/stable/c/12ad3def2e5e0b120e3d0cb6ce8b7b796819ad40"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ad40b7992aa26bc631afc1a995b0e3ddc30de3f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7f7866932466332a2528fda099000b035303485"
        },
        {
          "url": "https://git.kernel.org/stable/c/7dd36f7477d1e03a1fcf8d13531ca326c4fb599f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef93a685e01a281b5e2a25ce4e3428cf9371a205"
        }
      ],
      "title": "NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39730",
    "datePublished": "2025-09-07T15:16:19.377Z",
    "dateReserved": "2025-04-16T07:20:57.118Z",
    "dateUpdated": "2025-11-03T17:42:48.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2025:17398

Vulnerability from osv_almalinux

CVE-2025-38527 (GCVE-0-2025-38527)

CVE-2025-39730 (GCVE-0-2025-39730)

Tags

Sightings

Nomenclature