CVE-2025-39730

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-39730

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39730.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-39730

Downstream

AZL-67070

AZL-74183

BELL-CVE-2025-39730

DEBIAN-CVE-2025-39730

DLA-4327-1

DLA-4328-1

ECHO-8d56-2ccf-2653

MGASA-2025-0234

MGASA-2025-0235

OESA-2026-1303

OESA-2026-1304

OESA-2026-1305

RHSA-2025:17397

RHSA-2025:17398

RHSA-2025:18932

RHSA-2025:19105

RHSA-2025:19106

RHSA-2025:19222

RHSA-2025:19886

RHSA-2025:21091

RHSA-2025:21136

RHSA-2025:21667

RHSA-2025:21931

RHSA-2025:22095

RHSA-2025:22124

RHSA-2025:22752

RLSA-2025:19105

RLSA-2025:19106

RLSA-2025:21931

ROOT-OS-DEBIAN-11-CVE-2025-39730

ROOT-OS-UBUNTU-2204-CVE-2025-39730

ROOT-OS-UBUNTU-2404-CVE-2025-39730

SUSE-SU-2025:03600-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

openSUSE-SU-2025:20081-1

Related

Published

2025-09-07T15:16:19.377Z

Modified

2026-05-07T04:17:22.495759Z

Summary

NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()

Details

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix filehandle bounds checking in nfsfhto_dentry()

The function needs to check the minimal filehandle length before it can access the embedded filehandle.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39730.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

20fa19027286983ab2734b5910c4a687436e0c31

Fixed

7f8eca87fef7519e9c41f3258f25ebc2752247ee

Fixed

cb09afa0948d96b1e385d609ed044bb1aa043536

Fixed

3570ef5c31314c13274c935a20b91768ab5bf412

Fixed

763810bb883cb4de412a72f338d80947d97df67b

Fixed

12ad3def2e5e0b120e3d0cb6ce8b7b796819ad40

Fixed

2ad40b7992aa26bc631afc1a995b0e3ddc30de3f

Fixed

b7f7866932466332a2528fda099000b035303485

Fixed

7dd36f7477d1e03a1fcf8d13531ca326c4fb599f

Fixed

ef93a685e01a281b5e2a25ce4e3428cf9371a205

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39730.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.13.0

Fixed

5.4.297

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.241

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.190

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.148

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.102

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.42

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.10

Type: ECOSYSTEM
Events: Introduced

6.16.0

Fixed

6.16.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39730.json"