CVE-2025-38430
📋 TL;DR
A vulnerability in the Linux kernel NFS server (nfsd): the nfsd4_spo_must_allow() function fails to verify that the request is a v4 compound request before examining connection state. This could lead to undefined behavior or potential kernel crashes. It affects systems running vulnerable Linux kernel versions with the NFS server enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially allowing privilege escalation if combined with other vulnerabilities.
Likely Case
System instability or crash of the NFS server process when processing malformed requests, causing temporary service disruption.
If Mitigated
Minimal impact if NFS server is not exposed or properly firewalled, with only local or trusted network access.
🎯 Exploit Status
Exploitation requires sending specially crafted NFS requests to trigger the condition. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits referenced in CVE). Specific kernel version numbers depend on distribution backports.
Vendor Advisory: https://git.kernel.org/stable/c/1244f0b2c3cecd3f349a877006e67c9492b41807
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repository.
2. For custom kernels, apply patches from kernel.org stable trees.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable NFS server
Stop and disable the nfs-server service if it is not required
sudo systemctl stop nfs-server
sudo systemctl disable nfs-server
Restrict NFS access
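Configure the firewall to limit NFS access to trusted networks only. The two rules below block port 2049 from every source; allow rules for the trusted networks have to be added before them, because ufw applies the first matching rule.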
sudo ufw deny 2049/tcp
sudo ufw deny 2049/udp
🧯 If You Can't Patch
- Disable NFS server completely if not required
- Implement strict network segmentation and firewall rules to limit NFS access to minimum necessary hosts
🔍 How to Verify
Check if Vulnerable:
Check if NFS server is running and kernel version is unpatched: 'systemctl status nfs-server' and 'uname -r'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update matches patched version from distribution, and test NFS functionality
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NFS server crash logs
- Unexpected NFS request errors
Network Indicators:
- Unusual NFS traffic patterns to port 2049
- Multiple failed NFS connection attempts
SIEM Query:
(source="kernel" AND ("panic" OR "Oops")) OR (source="nfsd" AND ("error" OR "crash"))
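A narrower log check than a bare panic/Oops match, as an added example that is not part of the original advisory: it reports a kernel crash record only when a frame from the nfsd module appears in the lines that follow it. The log lines are constructed samples, and the names `scan_nfsd_oops` and `sample_log` and the 20-line window are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): report kernel crash records whose
# trace involves the nfsd module. Feed it `dmesg` or /var/log/kern.log text.

# scan_nfsd_oops [WINDOW]: WINDOW (assumed default: 20) is how many lines
# after a crash header are searched. Output: "<severity><TAB><header>".
#   high   = nfsd4_spo_must_allow appears in the trace
#   review = another frame from the nfsd module appears
scan_nfsd_oops() {
    awk -v window="${1:-20}" '
        function emit() {
            if (header != "" && (fn_hit || mod_hit)) {
                sev = fn_hit ? "high" : "review"
                print sev "\t" header
            }
            header = ""; fn_hit = 0; mod_hit = 0
        }
        /Oops:|BUG:|Kernel panic/ { emit(); header = $0; start = NR; next }
        header != "" && NR - start <= window {
            if ($0 ~ /nfsd4_spo_must_allow/) fn_hit = 1
            if ($0 ~ /\[nfsd\]/) mod_hit = 1
        }
        END { emit() }
    '
}

# Constructed sample input: three crash records, only two of them touch nfsd.
sample_log() {
    cat <<'EOF'
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  101.000002] Oops: 0000 [#1] SMP
[  101.000003] CPU: 1 PID: 2311 Comm: nfsd
[  101.000004] RIP: 0010:nfsd4_spo_must_allow+0x2a/0x110 [nfsd]
[  101.000005]  nfsd_dispatch+0x9c/0x1b0 [nfsd]
[  250.000001] Oops: 0002 [#2] SMP
[  250.000002] RIP: 0010:ext4_writepages+0x41/0x90
[  300.000001] Oops: 0000 [#3] SMP
[  300.000002] RIP: 0010:nfsd_file_put+0x10/0x60 [nfsd]
[  300.000003]  svc_process+0x2c1/0x4a0 [sunrpc]
EOF
}

# Demonstration on the constructed sample.
sample_log | scan_nfsd_oops
```

On a live host, pipe `dmesg` or `journalctl -k` output into `scan_nfsd_oops` instead of the sample.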
🔗 References
- https://git.kernel.org/stable/c/1244f0b2c3cecd3f349a877006e67c9492b41807
- https://git.kernel.org/stable/c/2c54bd5a380ebf646fb9efbc4ae782ff3a83a5af
- https://git.kernel.org/stable/c/425efc6b3292a3c79bfee4a1661cf043dcd9cf2f
- https://git.kernel.org/stable/c/64a723b0281ecaa59d31aad73ef8e408a84cb603
- https://git.kernel.org/stable/c/7a75a956692aa64211a9e95781af1ec461642de4
- https://git.kernel.org/stable/c/b1d0323a09a29f81572c7391e0d80d78724729c9
- https://git.kernel.org/stable/c/bf78a2706ce975981eb5167f2d3b609eb5d24c19
- https://git.kernel.org/stable/c/e7e943ddd1c6731812357a28e7954ade3a7d8517
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html