Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2025-68349

Description

In the Linux kernel, the following vulnerability has been resolved:

NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

Fixes a crash when layout is null during this call stack:

write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode

pnfs_set_layoutcommit relies on the lseg refcount to keep the layout around. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt to reference a null layout.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A null pointer dereference in the Linux kernel's NFSv4/pNFS subsystem can crash the system when layout state is invalidated without clearing a pending layoutcommit flag.

Vulnerability Description

In the Linux kernel's NFSv4/pNFS implementation, a null pointer dereference vulnerability exists in the pnfs_mark_layout_stateid_invalid function. The root cause is that the NFS_INO_LAYOUTCOMMIT flag is not cleared when the layout stateid is marked invalid. This can lead to a situation where pnfs_layoutcommit_inode is called on a null layout pointer, causing a kernel crash. The issue manifests in the call stack write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode [1].
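The flag-and-pointer lifetime described above, as a simplified userspace model added here (not kernel code and not the upstream patch). The `model_*` and `MODEL_*` names, the struct fields and the `patched` switch are assumptions for illustration; the kernel function each one stands in for is named in its comment.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only: all model_* / MODEL_* names are hypothetical. */
#define MODEL_INO_LAYOUTCOMMIT 0x1u /* stands in for NFS_INO_LAYOUTCOMMIT */
struct model_layout { int lseg_refs; };
struct model_inode { unsigned flags; struct model_layout *layout; };
enum commit_result { COMMIT_SKIPPED, COMMIT_SENT, COMMIT_NULL_LAYOUT };

/* Models pnfs_set_layoutcommit: a write sets the flag; an lseg ref pins the layout. */
static void model_set_layoutcommit(struct model_inode *ino)
{
    if (!ino->layout && !(ino->layout = calloc(1, sizeof(*ino->layout))))
        abort();
    ino->layout->lseg_refs++;
    ino->flags |= MODEL_INO_LAYOUTCOMMIT;
}

/* Models pnfs_mark_layout_stateid_invalid. Simplification: dropping the
 * segments releases the layout at once. Only the patched variant clears the flag. */
static void model_mark_stateid_invalid(struct model_inode *ino, bool patched)
{
    free(ino->layout);
    ino->layout = NULL;
    if (patched)
        ino->flags &= ~MODEL_INO_LAYOUTCOMMIT;
}

/* Models pnfs_layoutcommit_inode on the write_inode path: it trusts the flag. */
static enum commit_result model_layoutcommit_inode(struct model_inode *ino)
{
    if (!(ino->flags & MODEL_INO_LAYOUTCOMMIT))
        return COMMIT_SKIPPED;
    if (!ino->layout)
        return COMMIT_NULL_LAYOUT; /* where the kernel would touch a null layout */
    ino->flags &= ~MODEL_INO_LAYOUTCOMMIT;
    return COMMIT_SENT;
}

/* Sequence: write -> stateid invalidated -> write-back of the inode. */
static enum commit_result model_run(bool patched)
{
    struct model_inode ino = {0};
    model_set_layoutcommit(&ino);
    model_mark_stateid_invalid(&ino, patched);
    return model_layoutcommit_inode(&ino);
}
int main(void)
{
    printf("unpatched=%d patched=%d\n", model_run(false), model_run(true));
}
```

The model returns `COMMIT_NULL_LAYOUT` instead of dereferencing, so both variants can be compared in one run.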

Exploitation

An attacker with the ability to trigger NFS write operations on a system using NFSv4 with pNFS (parallel NFS) can potentially exploit this vulnerability. The attack requires a layout delegation and the ability to cause layout stateid invalidation. No authentication is needed beyond normal NFS client access. The vulnerability is triggered during normal write-back operations when the kernel attempts to commit a layout that has already been invalidated but still has the layoutcommit flag set.

Impact

Successful exploitation results in a kernel crash (denial of service) due to a null pointer dereference. This can cause system instability or complete system hang, requiring a reboot to recover. There is no evidence of privilege escalation or data corruption from the available information.

Mitigation

The fix is included in Linux kernel stable updates. Patches are available in commits [1], [2], and [3] for various stable kernel branches. System administrators should apply the latest kernel updates from their distribution. No workaround is available other than avoiding the use of NFSv4 pNFS layouts or applying the patch.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
