CVE-2025-68349 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs_set_layoutcommit relies on the lseg refcount to keep the layout around. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt to reference a null layout.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/38694f9aae00459ab443a7dc8b3949a6b33b560a
https://git.kernel.org/stable/c/59947dff0fb7c19c09ce6dccbcd253fd542b6c25
https://git.kernel.org/stable/c/ca2e7fdad7c683b64821c94a58b9b68733214dad
https://git.kernel.org/stable/c/e0f8058f2cb56de0b7572f51cd563ca5debce746

History

Wed, 24 Dec 2025 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs_set_layoutcommit relies on the lseg refcount to keep the layout around. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt to reference a null layout.
Title		NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/38694f9aae00459ab443a7dc8b3949a6b33b560a https://git.kernel.org/stable/c/59947dff0fb7c19c09ce6dccbcd253fd542b6c25 https://git.kernel.org/stable/c/ca2e7fdad7c683b64821c94a58b9b68733214dad https://git.kernel.org/stable/c/e0f8058f2cb56de0b7572f51cd563ca5debce746

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T10:32:41.253Z

Updated: 2025-12-24T10:32:41.253Z

Reserved: 2025-12-16T14:48:05.300Z

Link: CVE-2025-68349

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-24T11:15:58.247

Modified: 2025-12-24T11:15:58.247

Link: CVE-2025-68349

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68349", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-16T14:48:05.300Z", "datePublished": "2025-12-24T10:32:41.253Z", "dateUpdated": "2025-12-24T10:32:41.253Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-24T10:32:41.253Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid\n\nFixes a crash when layout is null during this call stack:\n\nwrite_inode\n -> nfs4_write_inode\n -> pnfs_layoutcommit_inode\n\npnfs_set_layoutcommit relies on the lseg refcount to keep the layout\naround. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt\nto reference a null layout."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nfs/pnfs.c"], "versions": [{"version": "fe1cf9469d7bcb6af27e42eb555a41b0135bce4a", "lessThan": "59947dff0fb7c19c09ce6dccbcd253fd542b6c25", "status": "affected", "versionType": "git"}, {"version": "fe1cf9469d7bcb6af27e42eb555a41b0135bce4a", "lessThan": "ca2e7fdad7c683b64821c94a58b9b68733214dad", "status": "affected", "versionType": "git"}, {"version": "fe1cf9469d7bcb6af27e42eb555a41b0135bce4a", "lessThan": "38694f9aae00459ab443a7dc8b3949a6b33b560a", "status": "affected", "versionType": "git"}, {"version": "fe1cf9469d7bcb6af27e42eb555a41b0135bce4a", "lessThan": "e0f8058f2cb56de0b7572f51cd563ca5debce746", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nfs/pnfs.c"], "versions": [{"version": "4.10", "status": "affected"}, {"version": "0", "lessThan": "4.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.63", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.13", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.2", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.12.63"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.17.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.18.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.19-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/59947dff0fb7c19c09ce6dccbcd253fd542b6c25"}, {"url": "https://git.kernel.org/stable/c/ca2e7fdad7c683b64821c94a58b9b68733214dad"}, {"url": "https://git.kernel.org/stable/c/38694f9aae00459ab443a7dc8b3949a6b33b560a"}, {"url": "https://git.kernel.org/stable/c/e0f8058f2cb56de0b7572f51cd563ca5debce746"}], "title": "NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid", "x_generator": {"engine": "bippy-1.2.0"}}}}