VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Apr 15, 2026

CVE-2025-40326

CVE-2025-40326

Description

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Define actions for the new time_deleg FATTR4 attributes

NFSv4 clients won't send legitimate GETATTR requests for these new attributes because they are intended to be used only with CB_GETATTR and SETATTR. But NFSD has to do something besides crashing if it ever sees a GETATTR request that queries these attributes.

RFC 8881 Section 18.7.3 states:

> The server MUST return a value for each attribute that the client > requests if the attribute is supported by the server for the > target file system. If the server does not support a particular > attribute on the target file system, then it MUST NOT return the > attribute value and MUST NOT set the attribute bit in the result > bitmap. The server MUST return an error if it supports an > attribute on the target but cannot obtain its value. In that case, > no attribute values will be returned.

Further, RFC 9754 Section 5 states:

> These new attributes are invalid to be used with GETATTR, VERIFY, > and NVERIFY, and they can only be used with CB_GETATTR and SETATTR > by a client holding an appropriate delegation.

Thus there does not appear to be a specific server response mandated by specification. Taking the guidance that querying these attributes via GETATTR is "invalid", NFSD will return nfserr_inval, failing the request entirely.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel NFSD crash on GETATTR for new time_deleg FATTR4 attributes; fixed by returning nfserr_inval.

Vulnerability

In the Linux kernel, NFSD (NFS server) could crash when handling GETATTR requests for the newly defined time_deleg FATTR4 attributes. These attributes are intended only for CB_GETATTR and SETATTR, but the server lacked proper handling for GETATTR queries, leading to a potential crash.

Exploitation

An attacker with network access to an NFS server could send a crafted GETATTR request specifying these attributes. No authentication is required to trigger the crash, as the flaw exists in the initial parsing stage of the request.

Impact

Successful exploitation results in a denial of service (DoS) by crashing the NFSD process, disrupting NFS services for legitimate users.

Mitigation

The fix is included in Linux kernel stable commits. Administrators should apply the patch that makes NFSD return nfserr_inval for invalid GETATTR requests for these attributes, as per RFC 8881 and RFC 9754 guidelines [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

2
d8f3f94dc950
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
4f76435fd517
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.