CVE-2025-38430

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38430
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38430.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38430
Downstream
Related
Published
2025-07-25T14:16:49.443Z
Modified
2026-03-20T12:42:51.632877Z
Summary
nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: nfsd4spomust_allow() must check this is a v4 compound request

If the request being processed is not a v4 compound request, then examining the cstate can have undefined results.

This patch adds a check that the rpc procedure being executed (rqprocinfo) is the NFSPROC4COMPOUND procedure.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38430.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ed94164398c935a42be7b129a478eb19c598b68a
Fixed
bf78a2706ce975981eb5167f2d3b609eb5d24c19
Fixed
b1d0323a09a29f81572c7391e0d80d78724729c9
Fixed
425efc6b3292a3c79bfee4a1661cf043dcd9cf2f
Fixed
64a723b0281ecaa59d31aad73ef8e408a84cb603
Fixed
e7e943ddd1c6731812357a28e7954ade3a7d8517
Fixed
7a75a956692aa64211a9e95781af1ec461642de4
Fixed
2c54bd5a380ebf646fb9efbc4ae782ff3a83a5af
Fixed
1244f0b2c3cecd3f349a877006e67c9492b41807

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38430.json"