Bug 2393731 (CVE-2025-39730) - CVE-2025-39730 kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
Summary: CVE-2025-39730 kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
Keywords:
Status: NEW
Alias: CVE-2025-39730
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-07 16:01 UTC by OSIDB Bzimport
Modified: 2025-12-04 12:45 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:17397 0 None None None 2025-10-06 21:36:09 UTC
Red Hat Product Errata RHSA-2025:17398 0 None None None 2025-10-06 15:38:41 UTC
Red Hat Product Errata RHSA-2025:18932 0 None None None 2025-10-22 00:23:17 UTC
Red Hat Product Errata RHSA-2025:19105 0 None None None 2025-10-27 19:34:10 UTC
Red Hat Product Errata RHSA-2025:19106 0 None None None 2025-10-27 18:31:38 UTC
Red Hat Product Errata RHSA-2025:19222 0 None None None 2025-10-29 00:36:15 UTC
Red Hat Product Errata RHSA-2025:19886 0 None None None 2025-11-06 08:55:15 UTC
Red Hat Product Errata RHSA-2025:21091 0 None None None 2025-11-12 08:08:46 UTC
Red Hat Product Errata RHSA-2025:21136 0 None None None 2025-11-12 15:05:13 UTC
Red Hat Product Errata RHSA-2025:21667 0 None None None 2025-11-18 09:00:48 UTC
Red Hat Product Errata RHSA-2025:21931 0 None None None 2025-11-24 09:19:04 UTC
Red Hat Product Errata RHSA-2025:22095 0 None None None 2025-11-25 17:16:05 UTC
Red Hat Product Errata RHSA-2025:22124 0 None None None 2025-11-25 18:13:49 UTC
Red Hat Product Errata RHSA-2025:22752 0 None None None 2025-12-04 12:45:46 UTC

Description OSIDB Bzimport 2025-09-07 16:01:12 UTC 
In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()

The function needs to check the minimal filehandle length before it can
access the embedded filehandle.
Comment 1 Mauro Matteo Cascella 2025-09-09 08:14:41 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025090730-CVE-2025-39730-72c9@gregkh/T
Comment 2 errata-xmlrpc 2025-10-06 15:38:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:17398 https://access.redhat.com/errata/RHSA-2025:17398
Comment 3 errata-xmlrpc 2025-10-06 21:36:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:17397 https://access.redhat.com/errata/RHSA-2025:17397
Comment 6 errata-xmlrpc 2025-10-22 00:23:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:18932 https://access.redhat.com/errata/RHSA-2025:18932
Comment 7 errata-xmlrpc 2025-10-27 18:31:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:19106 https://access.redhat.com/errata/RHSA-2025:19106
Comment 8 errata-xmlrpc 2025-10-27 19:34:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:19105 https://access.redhat.com/errata/RHSA-2025:19105
Comment 9 errata-xmlrpc 2025-10-29 00:36:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:19222 https://access.redhat.com/errata/RHSA-2025:19222
Comment 12 errata-xmlrpc 2025-11-06 08:55:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:19886 https://access.redhat.com/errata/RHSA-2025:19886
Comment 13 errata-xmlrpc 2025-11-12 08:08:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:21091 https://access.redhat.com/errata/RHSA-2025:21091
Comment 14 errata-xmlrpc 2025-11-12 15:05:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:21136 https://access.redhat.com/errata/RHSA-2025:21136
Comment 15 errata-xmlrpc 2025-11-18 09:00:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:21667 https://access.redhat.com/errata/RHSA-2025:21667
Comment 16 errata-xmlrpc 2025-11-24 09:19:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21931 https://access.redhat.com/errata/RHSA-2025:21931
Comment 17 errata-xmlrpc 2025-11-25 17:16:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:22095 https://access.redhat.com/errata/RHSA-2025:22095
Comment 18 errata-xmlrpc 2025-11-25 18:13:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:22124 https://access.redhat.com/errata/RHSA-2025:22124
Comment 19 errata-xmlrpc 2025-12-04 12:45:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:22752 https://access.redhat.com/errata/RHSA-2025:22752
Note You need to log in before you can comment on or make changes to this bug.