CVE-2025-38430
Description
In the Linux kernel, the following vulnerability has been resolved:
nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
If the request being processed is not a v4 compound request, then examining the cstate can have undefined results.
This patch adds a check that the rpc procedure being executed (rq_procinfo) is the NFSPROC4_COMPOUND procedure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, nfsd4_spo_must_allow() incorrectly processes non-v4 compound requests, potentially leading to undefined behavior and system instability.
The vulnerability resides in the Linux kernel's NFS server (nfsd) implementation. The function nfsd4_spo_must_allow() is designed to handle v4 compound requests, but it fails to verify that the request is actually a v4 compound before examining the cstate. This can lead to undefined results when processing non-v4 compound requests [1][2].
An attacker with network access to the NFS server could send a crafted non-v4 compound request to trigger the undefined behavior. No authentication is required if the NFS service is exposed. The undefined behavior might manifest as a system crash or memory corruption [3].
Successful exploitation could lead to denial of service, as the undefined behavior may cause the kernel to panic or become unstable. There is also a possibility of information disclosure if memory contents are leaked [1].
The Linux kernel has released patches to address this issue, available in stable kernel versions. Siemens has acknowledged the vulnerability in their security advisory for SIMATIC S7-1500 CPUs, recommending updates [1]. Users should apply the latest kernel updates to mitigate the risk.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Linux/Linuxv5Range: 4.8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- git.kernel.org/stable/c/1244f0b2c3cecd3f349a877006e67c9492b41807nvdPatch
- git.kernel.org/stable/c/2c54bd5a380ebf646fb9efbc4ae782ff3a83a5afnvdPatch
- git.kernel.org/stable/c/425efc6b3292a3c79bfee4a1661cf043dcd9cf2fnvdPatch
- git.kernel.org/stable/c/64a723b0281ecaa59d31aad73ef8e408a84cb603nvdPatch
- git.kernel.org/stable/c/7a75a956692aa64211a9e95781af1ec461642de4nvdPatch
- git.kernel.org/stable/c/b1d0323a09a29f81572c7391e0d80d78724729c9nvdPatch
- git.kernel.org/stable/c/bf78a2706ce975981eb5167f2d3b609eb5d24c19nvdPatch
- git.kernel.org/stable/c/e7e943ddd1c6731812357a28e7954ade3a7d8517nvdPatch
- lists.debian.org/debian-lts-announce/2025/10/msg00007.htmlnvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlnvdThird Party Advisory
- cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
News mentions
0No linked articles in our index yet.