CVE-2025-68803 (GCVE-0-2025-68803)

Vulnerability from cvelistv5 – Published: 2026-01-13 15:29 – Updated: 2026-01-13 15:29
VLAI?
Title
NFSD: NFSv4 file creation neglects setting ACL
Summary
In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL (based on the mode bits) and not the ACL that was requested during file creation. This violates RFC 8881 section 6.4.1.3: "the ACL attribute is set as given". The issue occurs in nfsd_create_setattr(), which calls nfsd_attrs_valid() to determine whether to call nfsd_setattr(). However, nfsd_attrs_valid() checks only for iattr changes and security labels, but not POSIX ACLs. When only an ACL is present, the function returns false, nfsd_setattr() is skipped, and the POSIX ACL is never applied to the inode. Subsequently, when the client retrieves the ACL, the server finds no POSIX ACL on the inode and returns one generated from the file's mode bits rather than returning the originally-specified ACL.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: c0cbe70742f4a70893cd6e5f6b10b6e89b6db95b , < 60dbdef2ebc2317266a385e4debdb1bb0e57afe1 (git)
Affected: c0cbe70742f4a70893cd6e5f6b10b6e89b6db95b , < bf4e671c651534a307ab2fabba4926116beef8c3 (git)
Affected: c0cbe70742f4a70893cd6e5f6b10b6e89b6db95b , < 214b396480061cbc8b16f2c518b2add7fbfa5192 (git)
Affected: c0cbe70742f4a70893cd6e5f6b10b6e89b6db95b , < 913f7cf77bf14c13cfea70e89bcb6d0b22239562 (git)
Affected: c5409ce523af40d5c3019717bc5b4f72038d48be (git)
Affected: d52acd23a327cada5fb597591267cfc09f08bb1d (git)
Create a notification for this product.
    Linux Linux Affected: 6.0
Unaffected: 0 , < 6.0 (semver)
Unaffected: 6.1.160 , ≤ 6.1.* (semver)
Unaffected: 6.12.64 , ≤ 6.12.* (semver)
Unaffected: 6.18.3 , ≤ 6.18.* (semver)
Unaffected: 6.19-rc3 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/vfs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "60dbdef2ebc2317266a385e4debdb1bb0e57afe1",
              "status": "affected",
              "version": "c0cbe70742f4a70893cd6e5f6b10b6e89b6db95b",
              "versionType": "git"
            },
            {
              "lessThan": "bf4e671c651534a307ab2fabba4926116beef8c3",
              "status": "affected",
              "version": "c0cbe70742f4a70893cd6e5f6b10b6e89b6db95b",
              "versionType": "git"
            },
            {
              "lessThan": "214b396480061cbc8b16f2c518b2add7fbfa5192",
              "status": "affected",
              "version": "c0cbe70742f4a70893cd6e5f6b10b6e89b6db95b",
              "versionType": "git"
            },
            {
              "lessThan": "913f7cf77bf14c13cfea70e89bcb6d0b22239562",
              "status": "affected",
              "version": "c0cbe70742f4a70893cd6e5f6b10b6e89b6db95b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c5409ce523af40d5c3019717bc5b4f72038d48be",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d52acd23a327cada5fb597591267cfc09f08bb1d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/vfs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19-rc3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.160",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.64",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.3",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19-rc3",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.220",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.15.154",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: NFSv4 file creation neglects setting ACL\n\nAn NFSv4 client that sets an ACL with a named principal during file\ncreation retrieves the ACL afterwards, and finds that it is only a\ndefault ACL (based on the mode bits) and not the ACL that was\nrequested during file creation. This violates RFC 8881 section\n6.4.1.3: \"the ACL attribute is set as given\".\n\nThe issue occurs in nfsd_create_setattr(), which calls\nnfsd_attrs_valid() to determine whether to call nfsd_setattr().\nHowever, nfsd_attrs_valid() checks only for iattr changes and\nsecurity labels, but not POSIX ACLs. When only an ACL is present,\nthe function returns false, nfsd_setattr() is skipped, and the\nPOSIX ACL is never applied to the inode.\n\nSubsequently, when the client retrieves the ACL, the server finds\nno POSIX ACL on the inode and returns one generated from the file\u0027s\nmode bits rather than returning the originally-specified ACL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T15:29:11.732Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/60dbdef2ebc2317266a385e4debdb1bb0e57afe1"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf4e671c651534a307ab2fabba4926116beef8c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/214b396480061cbc8b16f2c518b2add7fbfa5192"
        },
        {
          "url": "https://git.kernel.org/stable/c/913f7cf77bf14c13cfea70e89bcb6d0b22239562"
        }
      ],
      "title": "NFSD: NFSv4 file creation neglects setting ACL",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68803",
    "datePublished": "2026-01-13T15:29:11.732Z",
    "dateReserved": "2025-12-24T10:30:51.045Z",
    "dateUpdated": "2026-01-13T15:29:11.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68803\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-01-13T16:16:02.377\",\"lastModified\":\"2026-01-13T16:16:02.377\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nNFSD: NFSv4 file creation neglects setting ACL\\n\\nAn NFSv4 client that sets an ACL with a named principal during file\\ncreation retrieves the ACL afterwards, and finds that it is only a\\ndefault ACL (based on the mode bits) and not the ACL that was\\nrequested during file creation. This violates RFC 8881 section\\n6.4.1.3: \\\"the ACL attribute is set as given\\\".\\n\\nThe issue occurs in nfsd_create_setattr(), which calls\\nnfsd_attrs_valid() to determine whether to call nfsd_setattr().\\nHowever, nfsd_attrs_valid() checks only for iattr changes and\\nsecurity labels, but not POSIX ACLs. When only an ACL is present,\\nthe function returns false, nfsd_setattr() is skipped, and the\\nPOSIX ACL is never applied to the inode.\\n\\nSubsequently, when the client retrieves the ACL, the server finds\\nno POSIX ACL on the inode and returns one generated from the file\u0027s\\nmode bits rather than returning the originally-specified ACL.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/214b396480061cbc8b16f2c518b2add7fbfa5192\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/60dbdef2ebc2317266a385e4debdb1bb0e57afe1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/913f7cf77bf14c13cfea70e89bcb6d0b22239562\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bf4e671c651534a307ab2fabba4926116beef8c3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.