CVE-2025-40210
Description
In the Linux kernel, the following vulnerability has been resolved:
Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND"
I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang indefinitely. I've dug into it a little, but I haven't been able to root-cause it yet. However, I bisected to commit 48aab1606fa8 ("NFSD: Remove the cap on number of operations per NFSv4 COMPOUND").
Tianshuo Han also reports a potential vulnerability when decoding an NFSv4 COMPOUND. An attacker can place an arbitrarily large op count in the COMPOUND header, which results in:
[ 51.410584] nfsd: vmalloc error: size 1209533382144, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
when NFSD attempts to allocate the COMPOUND op array.
Let's restore the operation-per-COMPOUND limit, but increased to 200 for now.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
77- osv-coords76 versionspkg:linux/kernelpkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-64kpkg:rpm/almalinux/kernel-64k-corepkg:rpm/almalinux/kernel-64k-debugpkg:rpm/almalinux/kernel-64k-debug-corepkg:rpm/almalinux/kernel-64k-debug-develpkg:rpm/almalinux/kernel-64k-debug-devel-matchedpkg:rpm/almalinux/kernel-64k-debug-modulespkg:rpm/almalinux/kernel-64k-debug-modules-corepkg:rpm/almalinux/kernel-64k-debug-modules-extrapkg:rpm/almalinux/kernel-64k-develpkg:rpm/almalinux/kernel-64k-devel-matchedpkg:rpm/almalinux/kernel-64k-modulespkg:rpm/almalinux/kernel-64k-modules-corepkg:rpm/almalinux/kernel-64k-modules-extrapkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-devel-matchedpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-corepkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-debug-uki-virtpkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-devel-matchedpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-corepkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-modules-extra-matchedpkg:rpm/almalinux/kernel-rtpkg:rpm/almalinux/kernel-rt-64kpkg:rpm/almalinux/kernel-rt-64k-corepkg:rpm/almalinux/kernel-rt-64k-debugpkg:rpm/almalinux/kernel-rt-64k-debug-corepkg:rpm/almalinux/kernel-rt-64k-debug-develpkg:rpm/almalinux/kernel-rt-64k-debug-modulespkg:rpm/almalinux/kernel-rt-64k-debug-modules-corepkg:rpm/almalinux/kernel-rt-64k-debug-modules-extrapkg:rpm/almalinux/kernel-rt-64k-develpkg:rpm/almalinux/kernel-rt-64k-modulespkg:rpm/almalinux/kernel-rt-64k-modules-corepkg:rpm/almalinux/kernel-rt-64k-modules-extrapkg:rpm/almalinux/kernel-rt-corepkg:rpm/almalinux/kernel-rt-debugpkg:rpm/almalinux/kernel-rt-debug-corepkg:rpm/almalinux/kernel-rt-debug-develpkg:rpm/almalinux/kernel-rt-debug-modulespkg:rpm/almalinux/kernel-rt-debug-modules-corepkg:rpm/almalinux/kernel-rt-debug-modules-extrapkg:rpm/almalinux/kernel-rt-develpkg:rpm/almalinux/kernel-rt-modulespkg:rpm/almalinux/kernel-rt-modules-corepkg:rpm/almalinux/kernel-rt-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-uki-virtpkg:rpm/almalinux/kernel-uki-virt-addonspkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-devel-matchedpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-corepkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/libperfpkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perfpkg:rpm/almalinux/rtlapkg:rpm/almalinux/rv
>= 6.17.0, < 6.17.8+ 75 more
- (no CPE)range: >= 6.17.0, < 6.17.8
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
- (no CPE)range: < 6.12.0-211.7.1.el10_2
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.