CVE-2025-40087 - Vulnerability Details

- NFSD: Define a proc_layoutcommit for the FlexFiles layout type

Description

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Define a proc_layoutcommit for the FlexFiles layout type

Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT
operation on a FlexFiles layout.

Published: 2025-10-30

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`9b9960a0ca4773e21c4b153ed355583946346b25`	affected	< a75994dd879401c3e24ff51c2536559f1a53ea27
`9b9960a0ca4773e21c4b153ed355583946346b25`	affected	< 34d187e020cbda112a6c6f094f0ca5e6a8672b75
`9b9960a0ca4773e21c4b153ed355583946346b25`	affected	< ba88a53d7f5df4191583abf214214efe0cda91d2
`9b9960a0ca4773e21c4b153ed355583946346b25`	affected	< da9129ef77786839a3ccd1d7afeeab790bceaa1d
`9b9960a0ca4773e21c4b153ed355583946346b25`	affected	< f7353208c91ab004e0179c5fb6c365b0f132f9f0
`9b9960a0ca4773e21c4b153ed355583946346b25`	affected	< a156af6a4dc38c2aa7c98e89520a70fb3b3e7df4
`9b9960a0ca4773e21c4b153ed355583946346b25`	affected	< 785ec512afa80d0540f2ca797c0e56de747a6083
`9b9960a0ca4773e21c4b153ed355583946346b25`	affected	< 4b47a8601b71ad98833b447d465592d847b4dc77

Linux

affected

Version	Status	Constraints
`4.8`	affected	—
`0`	unaffected	< 4.8
`5.4.301`	unaffected	≤ 5.4.*
`5.10.246`	unaffected	≤ 5.10.*
`5.15.196`	unaffected	≤ 5.15.*
`6.1.158`	unaffected	≤ 6.1.*
`6.6.114`	unaffected	≤ 6.6.*
`6.12.55`	unaffected	≤ 6.12.*
`6.17.5`	unaffected	≤ 6.17.*
`6.18`	unaffected	≤ *

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4379-1	linux-6.1 security update
Debian DLA	DLA-4404-1	linux security update
Debian DSA	DSA-6053-1	linux security update
Ubuntu USN	USN-8029-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8030-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8033-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-3	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8034-1	Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN	USN-8033-4	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-8029-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-5	Linux kernel vulnerabilities
Ubuntu USN	USN-8034-2	Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN	USN-8048-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-8033-6	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8033-7	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-8	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-8029-3	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8095-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8095-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8100-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8095-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8095-4	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-8125-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8126-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8095-5	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8141-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8163-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8165-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8163-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8243-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8261-1	Linux kernel (Xilinx) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00076.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/34d187e020cbda112a6c6f094f0ca5e6a8672b75
https://git.kernel.org/stable/c/4b47a8601b71ad98833b447d465592d847b4dc77
https://git.kernel.org/stable/c/785ec512afa80d0540f2ca797c0e56de747a6083
https://git.kernel.org/stable/c/a156af6a4dc38c2aa7c98e89520a70fb3b3e7df4
https://git.kernel.org/stable/c/a75994dd879401c3e24ff51c2536559f1a53ea27
https://git.kernel.org/stable/c/ba88a53d7f5df4191583abf214214efe0cda91d2
https://git.kernel.org/stable/c/da9129ef77786839a3ccd1d7afeeab790bceaa1d
https://git.kernel.org/stable/c/f7353208c91ab004e0179c5fb6c365b0f132f9f0
https://lore.kernel.org/linux-cve-announce/2025103015-CVE-2025-40087-ff33@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-40087
https://www.cve.org/CVERecord?id=CVE-2025-40087

History

Mon, 01 Dec 2025 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Fri, 31 Oct 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025103015-CVE-2025-40087-ff33@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-40087 https://www.cve.org/CVERecord?id=CVE-2025-40087
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 30 Oct 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Thu, 30 Oct 2025 10:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout.
Title		NFSD: Define a proc_layoutcommit for the FlexFiles layout type
References		https://git.kernel.org/stable/c/34d187e020cbda112a6c6f094f0ca5e6a8672b75 https://git.kernel.org/stable/c/4b47a8601b71ad98833b447d465592d847b4dc77 https://git.kernel.org/stable/c/785ec512afa80d0540f2ca797c0e56de747a6083 https://git.kernel.org/stable/c/a156af6a4dc38c2aa7c98e89520a70fb3b3e7df4 https://git.kernel.org/stable/c/a75994dd879401c3e24ff51c2536559f1a53ea27 https://git.kernel.org/stable/c/ba88a53d7f5df4191583abf214214efe0cda91d2 https://git.kernel.org/stable/c/da9129ef77786839a3ccd1d7afeeab790bceaa1d https://git.kernel.org/stable/c/f7353208c91ab004e0179c5fb6c365b0f132f9f0

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-30T09:47:56.675Z

Updated: 2026-05-11T21:42:15.664Z

Reserved: 2025-04-16T07:20:57.162Z

Link: CVE-2025-40087

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-10-30T10:15:33.230

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-40087

Redhat

Severity : Moderate

Publid Date: 2025-10-30T00:00:00Z

Links: CVE-2025-40087 - Bugzilla

OpenCVE Enrichment

Updated: 2025-10-30T14:37:14Z

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object