CVE-2025-68242

Dec. 18, 2025, 3:08 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID. The problem can be reproduced as follow: # echo "/media *(rw,no_root_squash,sync)" >> /etc/exports # export -ra # mount -o rw,nfsvers=4.2 127.0.0.1:/media /tmpdir # cd /opt/ltp # ./runltp -d /tmpdir -s utimes01 # ./runltp -d /tmpdir -s utime06 This issue occurs because nfs_setattr does not verify the inode's UID against the caller's fsuid when delegated timestamps are permitted for the inode. This patch adds the UID check and if it does not match then the request is sent to the server for permission checking.

Product(s) Impacted

Product Versions

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/0e9be902041c6b9f0ed4b72764187eed1067a42f
https://git.kernel.org/stable/c/b2e4cda71ed062c87573b016d2d956a62f4258ed
https://git.kernel.org/stable/c/b623390045a81fc559decb9bfeb79319721d3dfb

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-12-16
CVE-2025-68242

Timeline

Published: Dec. 16, 2025, 3:15 p.m.
Last Modified: Dec. 18, 2025, 3:08 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.