{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68242", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-16T13:41:40.263Z", "datePublished": "2025-12-16T14:21:19.558Z", "dateUpdated": "2026-05-11T21:49:34.952Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:49:34.952Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix LTP test failures when timestamps are delegated\n\nThe utimes01 and utime06 tests fail when delegated timestamps are\nenabled, specifically in subtests that modify the atime and mtime\nfields using the 'nobody' user ID.\n\nThe problem can be reproduced as follow:\n\n# echo \"/media *(rw,no_root_squash,sync)\" >> /etc/exports\n# export -ra\n# mount -o rw,nfsvers=4.2 127.0.0.1:/media /tmpdir\n# cd /opt/ltp\n# ./runltp -d /tmpdir -s utimes01\n# ./runltp -d /tmpdir -s utime06\n\nThis issue occurs because nfs_setattr does not verify the inode's\nUID against the caller's fsuid when delegated timestamps are\npermitted for the inode.\n\nThis patch adds the UID check and if it does not match then the\nrequest is sent to the server for permission checking."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nfs/inode.c"], "versions": [{"version": "e12912d94137ab36ee704a91f465ff15c8b423da", "lessThan": "b2e4cda71ed062c87573b016d2d956a62f4258ed", "status": "affected", "versionType": "git"}, {"version": "e12912d94137ab36ee704a91f465ff15c8b423da", "lessThan": "0e9be902041c6b9f0ed4b72764187eed1067a42f", "status": "affected", "versionType": "git"}, {"version": "e12912d94137ab36ee704a91f465ff15c8b423da", "lessThan": "b623390045a81fc559decb9bfeb79319721d3dfb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nfs/inode.c"], "versions": [{"version": "6.11", "status": "affected"}, {"version": "0", "lessThan": "6.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.59", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.9", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.12.59"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.17.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b2e4cda71ed062c87573b016d2d956a62f4258ed"}, {"url": "https://git.kernel.org/stable/c/0e9be902041c6b9f0ed4b72764187eed1067a42f"}, {"url": "https://git.kernel.org/stable/c/b623390045a81fc559decb9bfeb79319721d3dfb"}], "title": "NFS: Fix LTP test failures when timestamps are delegated", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix LTP test failures when timestamps are delegated\n\nThe utimes01 and utime06 tests fail when delegated timestamps are\nenabled, specifically in subtests that modify the atime and mtime\nfields using the 'nobody' user ID.\n\nThe problem can be reproduced as follow:\n\n# echo \"/media *(rw,no_root_squash,sync)\" >> /etc/exports\n# export -ra\n# mount -o rw,nfsvers=4.2 127.0.0.1:/media /tmpdir\n# cd /opt/ltp\n# ./runltp -d /tmpdir -s utimes01\n# ./runltp -d /tmpdir -s utime06\n\nThis issue occurs because nfs_setattr does not verify the inode's\nUID against the caller's fsuid when delegated timestamps are\npermitted for the inode.\n\nThis patch adds the UID check and if it does not match then the\nrequest is sent to the server for permission checking."}], "id": "CVE-2025-68242", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2025-12-16T15:15:53.430", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e9be902041c6b9f0ed4b72764187eed1067a42f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b2e4cda71ed062c87573b016d2d956a62f4258ed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b623390045a81fc559decb9bfeb79319721d3dfb"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: NFS: Fix LTP test failures when timestamps are delegated", "id": "2422769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422769"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-68242", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-68242\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68242\nhttps://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68242-45e0@gregkh/T"], "threat_severity": "Moderate"}

{}