CVE-2025-68185
Description
In the Linux kernel, the following vulnerability has been resolved:
nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy to attack.
Anyway, it's easy to deal with - since xdr_encode_hyper() is just a call of put_unaligned_be64(), we can put that under ->d_lock and be done with that.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Insufficient locking in nfs4_setup_readdir() leads to a race condition when dereferencing ->d_parent->d_inode, potentially causing an oops.
Vulnerability
In the Linux kernel, the function nfs4_setup_readdir() lacks proper locking when dereferencing the inode of the parent directory (->d_parent->d_inode). This insufficient locking can theoretically lead to a race condition, potentially resulting in a kernel oops if the parent directory's inode is accessed concurrently and becomes invalid or changed.
Exploitation
The race is considered difficult to exploit on real hardware, though it may become more feasible in virtualized environments such as KVM. The attack requires precise timing and likely local access to trigger the race. No authentication is needed beyond the ability to perform NFS directory reads that invoke the vulnerable code path.
Impact
If the race is successfully triggered, an attacker could cause a kernel oops, leading to denial of service. Given the theoretical nature of the race and the difficulty of exploitation, the practical risk is low, but the vulnerability is still addressed in kernel stable updates.
Mitigation
The fix is straightforward: performing the dereference and the subsequent xdr_encode_hyper() call under ->d_lock eliminates the race. Patches have been applied to the stable kernel tree as commit [1] and backported to various stable branches. Users should update to the latest stable kernel to mitigate this issue.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
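The locking pattern described under Mitigation, as an added user-space model in C (not the kernel patch and not code from this page). The names struct model_dentry, struct model_inode, encode_hyper(), encode_parent_racy(), encode_parent_locked() and reparent() are hypothetical, a pthread mutex stands in for ->d_lock, and the model assumes writers change d_parent only while holding that lock.

```c
#include <pthread.h>
#include <stdint.h>

/* Hypothetical user-space stand-ins for the kernel's inode and dentry. */
struct model_inode  { uint64_t fileid; };
struct model_dentry {
    pthread_mutex_t      d_lock;   /* models ->d_lock; guards d_parent */
    struct model_dentry *d_parent;
    struct model_inode  *d_inode;
};

/* Same job as put_unaligned_be64(): big-endian store at any alignment. */
static uint8_t *encode_hyper(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        p[i] = (uint8_t)(v >> (56 - 8 * i));
    return p + 8;
}

/* Before: two unlocked loads; d_parent can change between or after them. */
static uint8_t *encode_parent_racy(struct model_dentry *d, uint8_t *p)
{
    struct model_dentry *parent = d->d_parent;
    return encode_hyper(p, parent->d_inode->fileid);
}

/* After: lookup, dereference and encode form one d_lock critical section. */
static uint8_t *encode_parent_locked(struct model_dentry *d, uint8_t *p)
{
    pthread_mutex_lock(&d->d_lock);
    p = encode_hyper(p, d->d_parent->d_inode->fileid);
    pthread_mutex_unlock(&d->d_lock);
    return p;
}

/* Writer (models a rename): assumed to change d_parent only under d_lock. */
static void reparent(struct model_dentry *d, struct model_dentry *np)
{
    pthread_mutex_lock(&d->d_lock);
    d->d_parent = np;
    pthread_mutex_unlock(&d->d_lock);
}
```

The encode step is cheap and cannot sleep, which is why it can sit inside the critical section instead of copying the value out first.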
References
- git.kernel.org/stable/c/40be5b9080114f18b0cea386db415b68a7273c1a (nvd)
- git.kernel.org/stable/c/504b3fb9948a9e96ebbabdee0d33966a8bab15cb (nvd)
- git.kernel.org/stable/c/6025f641a0e30afdc5aa62017397b1860ad9f677 (nvd)
- git.kernel.org/stable/c/a890a2e339b929dbd843328f9a92a1625404fe63 (nvd)
- git.kernel.org/stable/c/e6cafe71eb3b5579b245ba1bd528a181e77f3df1 (nvd)
- git.kernel.org/stable/c/eacfd08b26a062f1095b18719715bc82ad35312e (nvd)
- git.kernel.org/stable/c/f5e570eaab36a110c6ffda32b87c51170990c2d1 (nvd)
- git.kernel.org/stable/c/fa4daf7d11e45b72aad5d943a7ab991f869fff79 (nvd)