Unrated severityNVD Advisory· Published Dec 16, 2025· Updated Apr 15, 2026

CVE-2025-68242

Description

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix LTP test failures when timestamps are delegated

The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID.

The problem can be reproduced as follow:

# echo "/media *(rw,no_root_squash,sync)" >> /etc/exports # export -ra # mount -o rw,nfsvers=4.2 127.0.0.1:/media /tmpdir # cd /opt/ltp # ./runltp -d /tmpdir -s utimes01 # ./runltp -d /tmpdir -s utime06

This issue occurs because nfs_setattr does not verify the inode's UID against the caller's fsuid when delegated timestamps are permitted for the inode.

This patch adds the UID check and if it does not match then the request is sent to the server for permission checking.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NFS delegated timestamps allow unprivileged users to set file times without UID check, bypassing server permission checks.

In the Linux kernel, NFS delegated timestamps permit clients to modify file atime and mtime locally without contacting the server. The nfs_setattr function failed to verify that the caller's filesystem UID matched the inode's UID before accepting the delegated timestamp update. This omission allowed users with access to a delegated file to arbitrarily change its timestamps, even if they lacked ownership permissions.

To trigger the vulnerability, an attacker needs network access to an NFS share that enables delegated timestamps (e.g., NFSv4.2 with no_root_squash). The LTP tests utimes01 and utime06 reproduce the issue using the nobody user, confirming exploitation privileges. No authentication bypass is required; the flaw lies in the client-side permission check.

The impact is limited to timestamp manipulation, but this can break time-based access controls or logging mechanisms. The fix adds a UID comparison: if the caller's fsuid does not match the inode owner, the request is forwarded to the NFS server for authorization, restoring proper permission validation [1].

The kernel upstream commit resolves the issue, and distributions incorporating the patch are considered fixed. No workaround exists aside from disabling delegated timestamps, which may impact performance. The vulnerability is not known to be exploited in the wild (no KEV listing).

References

Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Linux/Linux Kernel Rtllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000