Updated: 2025-10-29 04:02:01.462157
Description:
A buffer management flaw was found in the Linux kernel's NFS server implementation in the NFSv3 READDIR operation handling. A remote client can trigger this issue by crafting an RPC call with an oversized RPC record header, which forces the server to shrink its response buffer allocation. This causes the READDIR response construction to write beyond the available buffer space, resulting in a send buffer overflow that leads to memory corruption, denial of service via crash, or potential data integrity issues.
Links: NIST | CIRCL | RHEL | Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.5 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.5 | HIGH | Not Vulnerable | | 2026-02-09 11:49:03 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.5 | HIGH | Not Vulnerable | | 2026-02-09 11:49:03 | |