CVE-2025-40087
Description
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Define a proc_layoutcommit for the FlexFiles layout type
Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, NFSD lacked a procedure for FlexFiles LAYOUTCOMMIT, causing a crash if a pNFS client sent such an operation.
Vulnerability
CVE-2025-40087 is a missing function definition in the Linux kernel's NFS server (NFSD) for the FlexFiles layout type. When a pNFS client sends a LAYOUTCOMMIT operation for a FlexFiles layout, the server does not have a corresponding procedure handler defined. This results in a NULL pointer dereference or similar crash, as the server attempts to invoke an undefined operation.
Exploitation
The attack requires a pNFS client capable of using FlexFiles layouts. Sending a LAYOUTCOMMIT operation for such a layout triggers the crash. No authentication bypass is needed; a legitimate client with appropriate pNFS capabilities can cause the denial of service.
Impact
An unprivileged pNFS client can cause the NFS server to crash, leading to denial of service for all NFS clients. This is an availability issue with high impact as described in the kernel patch references.
Mitigation
The vulnerability is fixed by adding a proc_layoutcommit handler for FlexFiles layout type in the NFSD code. The commits referenced [1], [2], [3] implement this fix for stable kernels. Administrators should apply the latest kernel updates.
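The failure mode and the fix described above can be modelled in user space. This is an added example, not code from the kernel or from the referenced commits; the struct, function and status names are hypothetical, and the handler returning success is an assumption of the model.

```c
#include <stddef.h>
#include <stdio.h>
/* User-space model only: every name below is hypothetical, not kernel code. */
enum status { ST_OK = 0, ST_NOTSUPP = 1 };

struct layout_ops {
    const char *name;
    enum status (*proc_layoutcommit)(int inode_id); /* per-layout handler */
};

/* Handlers simply succeed; that return value is an assumption of the model. */
static enum status block_commit(int inode_id) { (void)inode_id; return ST_OK; }
static enum status ff_commit(int inode_id) { (void)inode_id; return ST_OK; }

static const struct layout_ops block_ops = { "block", block_commit };
static const struct layout_ops ff_unpatched = { "flexfiles", NULL };
static const struct layout_ops ff_patched = { "flexfiles", ff_commit };
static const struct layout_ops *const unpatched_table[] = { &block_ops, &ff_unpatched };
static const struct layout_ops *const patched_table[] = { &block_ops, &ff_patched };

/* Dispatch that trusts the table: a NULL handler is called and the process dies. */
static enum status dispatch_unchecked(const struct layout_ops *ops, int inode_id)
{
    return ops->proc_layoutcommit(inode_id);
}

/* Defensive dispatch: a missing handler becomes an error reply, not a crash. */
static enum status dispatch_checked(const struct layout_ops *ops, int inode_id)
{
    if (ops == NULL || ops->proc_layoutcommit == NULL)
        return ST_NOTSUPP;
    return ops->proc_layoutcommit(inode_id);
}

/* Audit helper: count layout types registered without a commit handler. */
static size_t count_missing(const struct layout_ops *const *tbl, size_t n)
{
    size_t missing = 0;
    for (size_t i = 0; i < n; i++)
        missing += (tbl[i]->proc_layoutcommit == NULL);
    return missing;
}

int main(void)
{
    printf("handlers missing before/after fix: %zu/%zu\n",
           count_missing(unpatched_table, 2), count_missing(patched_table, 2));
    printf("checked(unpatched)=%d unchecked(patched)=%d\n",
           dispatch_checked(&ff_unpatched, 1), dispatch_unchecked(&ff_patched, 1));
    return 0;
}
```

The audit helper is the kind of check that catches this class of bug at registration time, before any client request reaches the dispatch path.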
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 8
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (8)
- git.kernel.org/stable/c/34d187e020cbda112a6c6f094f0ca5e6a8672b75 (nvd)
- git.kernel.org/stable/c/4b47a8601b71ad98833b447d465592d847b4dc77 (nvd)
- git.kernel.org/stable/c/785ec512afa80d0540f2ca797c0e56de747a6083 (nvd)
- git.kernel.org/stable/c/a156af6a4dc38c2aa7c98e89520a70fb3b3e7df4 (nvd)
- git.kernel.org/stable/c/a75994dd879401c3e24ff51c2536559f1a53ea27 (nvd)
- git.kernel.org/stable/c/ba88a53d7f5df4191583abf214214efe0cda91d2 (nvd)
- git.kernel.org/stable/c/da9129ef77786839a3ccd1d7afeeab790bceaa1d (nvd)
- git.kernel.org/stable/c/f7353208c91ab004e0179c5fb6c365b0f132f9f0 (nvd)