VDB
DEBIAN-CVE-2025-68185
DEBIAN-CVE-2025-68185
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy to attack. Anyway, it's easy to deal with - since xdr_encode_hyper() is just a call of put_unaligned_be64(), we can put that under ->d_lock and be done with that.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux | 5.10.179-5, 5.10.103-1, 5.10.103-1 |
| Debian:13 | linux | 6.12.48-1, 6.12.57-1, 6.12.57-1 |
| Debian:11 | linux-6.1 | 6.1.158-1~deb11u1, 0, * |
| Debian:12 | linux | 6.1.135-1, 0, 6.1.106-1 |
| Debian:14 | linux | 6.12.38-1, 0, * |
Timeline
- Dec 16, 2025 CVE Published
- Apr 28, 2026 CVE Updated