CVE-2025-40326

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel’s Network File System Daemon (NFSD) does not properly handle requests for new time deleg FATTR4 attributes introduced in newer NFS specifications. Specifically, NFSv4 clients are not expected to send GETATTR requests for these attributes, as they are intended for use only with CB GETATTR and SETATTR. However, NFSD lacked defined behavior when receiving GETATTR requests for these attributes. As a result, the server now returns an nfserr inval error, effectively failing such requests. RFC 8881 and RFC 9754 specify that these attributes are invalid for use with GETATTR, VERIFY, and NVERIFY, and should only be used with CB GETATTR and SETATTR by clients holding appropriate delegations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.