PT-2025-51655 · Linux+3 · Linux Kernel+3

Published

2025-11-09

Updated

2026-03-13

CVE-2025-68242

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's NFS implementation related to delegated timestamps. Specifically, the nfs setattr function does not properly verify the inode's User ID (UID) against the caller's file system User ID (fsuid) when delegated timestamps are enabled. This can lead to failures in tests like utimes01 and utime06 when using the 'nobody' user ID. The issue arises because the request bypasses server permission checking when it should not.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2026-03163

CVE-2025-68242

OPENSUSE-SU-2026:20145-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

PT-2025-51655 · Linux+3 · Linux Kernel+3

CVE-2025-68242

Weakness Enumeration

Related Identifiers

Affected Products

References · 859