41 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed a reference count leak in nfsdsetfhdentry. nfsd exports a “pseudo root filesystem” which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses the...
UBUNTU-CVE-2026-43470
In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3proccreate if dalias is a dir If we found an alias through nfs3docreate/nfsaddorobtain /dsplicealias which happens to be a dir dentry, we don't return any error, and simply forget about this alias, but t...
SUSE-SU-2026:1356-1 Security update for nfs-utils
This update for nfs-utils fixes the following issue: Security fixes: - CVE-2025-12801: rpc.mountd allows a NFSv3 client to escalate their privileges and access subdirectories and subtrees of an exported directory bsc1259204. Other fixes: - Split from nfs-utils into its own spec and changelog file...
CentOS 9 : nfs-utils-2.5.4-42.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the nfs- utils-2.5.4-42.el9 build changelog. - A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate th...
CLSA-2026-1773224214 nfs-utils: Fix of CVE-2025-12801
CVE-2025-12801: fix rpc.mountd privilege escalation allowing NFSv3 clients to bypass rootsquash and allsquash when mounting subdirectories...
nfs-utils: rpc.mountd in the nfs-utils privilege escalation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
nfs-utils: rpc.mountd in the nfs-utils privilege escalation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
nfs-utils: rpc.mountd in the nfs-utils privilege escalation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
CVE-2025-12801
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
PT-2026-22929
Name of the Vulnerable Software and Affected Versions nfs-utils affected versions not specified Description A flaw exists in the rpc.mountd daemon within the nfs-utils package for Linux. This issue allows a Network File System version 3 NFSv3 client to gain higher privileges than those defined in...
PT-2025-47906
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Network File System daemon nfsd in the Linux kernel contains a flaw related to reference counting in the nfsd set fh dentry function. Specifically, when an NFSv3 or NFSv2 client uses...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989919)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989919 advisory. In the Linux kernel, the following vulnerability has been resolved: xprtrdma: treat all calls not a bcall when bcserv is NULL When a rdma server returns a fault form...
EUVD-2022-55667
In the Linux kernel, the following vulnerability has been resolved: iio: fix memory leak in iiodeviceregistereventset When iiodeviceregistersysfsgroup returns failed, iiodeviceregistereventset needs to free attrs array. Otherwise, kmemleak would scan & report memory leak as below: unreferenced...
Linux Distros Unpatched Vulnerability : CVE-2022-50302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfslockfile expects the struct filelock...
DEBIAN-CVE-2022-50345
In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv3 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This...
CVE-2022-50345
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-50345
CVE-2022-50345 refers to a Linux kernel NFSD issue affecting NFSv3 READ, where the send buffer overflow risk stems from how NFSD tallies RPC pages for request/response. Multiple vendor advisories (e.g., ALAS2KERNEL-5.15-2025-090 and ALAS2KERNEL-5.10-2025-106) indicate the vulnerability has been r...
SUSE CVE-2022-50302
In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfslockfile expects the struct filelock to be fully initialised by the caller. Re-exported NFSv3 has been seen to Oops if the flfile field is NULL...
CVE-2022-50302
In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfslockfile expects the struct filelock to be fully initialised by the caller. Re-exported NFSv3 has been seen to Oops if the flfile field is NULL...
CVE-2022-50302 lockd: set other missing fields when unlocking files
In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfslockfile expects the struct filelock to be fully initialised by the caller. Re-exported NFSv3 has been seen to Oops if the flfile field is NULL...