{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()",
    "id" : "2393731",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2393731"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-125",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nNFS: Fix filehandle bounds checking in nfs_fh_to_dentry()\nThe function needs to check the minimal filehandle length before it can\naccess the embedded filehandle.", "A flaw out of boundary read in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system." ],
  "statement" : "A flaw was found in the NFS server implementation where nfs_fh_to_dentry() failed to properly validate the minimal filehandle length before accessing the embedded structure. An attacker with access to an exported NFS share could send a crafted filehandle, leading to out-of-bounds memory access and a potential kernel crash. This issue results in a remote denial of service against the NFS server.\nThis flaw is limited to a missing bounds check in nfs_fh_to_dentry(), which causes an out-of-bounds read and a kernel crash.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-10-27T00:00:00Z",
    "advisory" : "RHSA-2025:19106",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "kernel-0:6.12.0-55.41.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-24T00:00:00Z",
    "advisory" : "RHSA-2025:21931",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.13.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-10-06T00:00:00Z",
    "advisory" : "RHSA-2025:17398",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.78.1.rt7.419.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-10-06T00:00:00Z",
    "advisory" : "RHSA-2025:17397",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.78.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2025-11-18T00:00:00Z",
    "advisory" : "RHSA-2025:21667",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.173.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-12-04T00:00:00Z",
    "advisory" : "RHSA-2025:22752",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.179.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-12-04T00:00:00Z",
    "advisory" : "RHSA-2025:22752",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.179.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-10-29T00:00:00Z",
    "advisory" : "RHSA-2025:19222",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.166.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-10-29T00:00:00Z",
    "advisory" : "RHSA-2025:19222",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.166.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-10-29T00:00:00Z",
    "advisory" : "RHSA-2025:19222",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.166.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-10-22T00:00:00Z",
    "advisory" : "RHSA-2025:18932",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.116.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-10-22T00:00:00Z",
    "advisory" : "RHSA-2025:18932",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.116.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-10-27T00:00:00Z",
    "advisory" : "RHSA-2025:19105",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.58.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-10-27T00:00:00Z",
    "advisory" : "RHSA-2025:19105",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.58.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21091",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.153.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21136",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.153.1.rt21.225.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-11-25T00:00:00Z",
    "advisory" : "RHSA-2025:22095",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.148.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-11-25T00:00:00Z",
    "advisory" : "RHSA-2025:22124",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.148.1.rt14.433.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19886",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.97.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-39730\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-39730\nhttps://lore.kernel.org/linux-cve-announce/2025090730-CVE-2025-39730-72c9@gregkh/T" ],
  "name" : "CVE-2025-39730",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent module nfs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
    "lang" : "en:us"
  },
  "csaw" : false
}