| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026010516-CVE-2025-68764-107e@gregkh> Date: Mon, 5 Jan 2026 10:44:17 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag. The Linux kernel CVE team has assigned CVE-2025-68764 to this issue. Affected and fixed versions =========================== Issue introduced in 5.6 with commit f2aedb713c284429987dc66c7aaf38decfc8da2a and fixed in 6.12.63 with commit 612cc98698d667df804792f0c47d4e501e66da29 Issue introduced in 5.6 with commit f2aedb713c284429987dc66c7aaf38decfc8da2a and fixed in 6.17.13 with commit 4b296944e632cf4c6a4cc8e2585c6451eae47b1b Issue introduced in 5.6 with commit f2aedb713c284429987dc66c7aaf38decfc8da2a and fixed in 6.18.2 with commit df9b003a2ecacc7218486fbb31fe008c93097d5f Issue introduced in 5.6 with commit f2aedb713c284429987dc66c7aaf38decfc8da2a and fixed in 6.19-rc1 with commit 8675c69816e4276b979ff475ee5fac4688f80125 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68764 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/nfs/namespace.c fs/nfs/super.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/612cc98698d667df804792f0c47d4e501e66da29 https://git.kernel.org/stable/c/4b296944e632cf4c6a4cc8e2585c6451eae47b1b https://git.kernel.org/stable/c/df9b003a2ecacc7218486fbb31fe008c93097d5f https://git.kernel.org/stable/c/8675c69816e4276b979ff475ee5fac4688f80125
Powered by blists - more mailing lists