PatchSiren cyber security CVE debrief
CVE-2025-68803 Linux CVE debrief
A Linux kernel vulnerability CVE-2025-68803 was found in the NFSv4 file creation process. The issue occurs when an NFSv4 client sets an ACL with a named principal during file creation, but the ACL is not applied to the inode. This vulnerability violates RFC 8881 section 6.4.1.3. The vulnerability has a high defensive priority and requires immediate attention from system administrators and users of Linux kernel-based systems who use NFSv4 protocol for file sharing.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-13
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-01-13
- Advisory updated
- 2026-07-14
Who should care
System administrators and users of Linux kernel-based systems who use NFSv4 protocol for file sharing should be aware of this vulnerability. They should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance. They should also plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
Technical summary
The vulnerability is caused by the nfsd_create_setattr() function calling nfsd_attrs_valid() to determine whether to call nfsd_setattr(). However, nfsd_attrs_valid() checks only for iattr changes and security labels, but not POSIX ACLs. When only an ACL is present, the function returns false, nfsd_setattr() is skipped, and the POSIX ACL is never applied to the inode. The fix involves modifying the nfsd_create_setattr() function to properly handle POSIX ACLs.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by the Linux kernel maintainers
- Verify and update the Linux kernel to the latest version
- Monitor NFSv4 file creation and ACL settings
- Implement compensating controls to ensure ACLs are properly applied
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The vulnerability was resolved by the Linux kernel maintainers. The fix involves modifying the nfsd_create_setattr() function to properly handle POSIX ACLs. Evidence of the fix can be found in the official Linux kernel repository. The vulnerability was made public on 2026-01-13T16:16:02.377Z. Defenders should verify the patch and update their Linux kernel to the latest version. Additional information can be found in the CVE record and NVD detail.
Official resources
-
CVE-2025-68803 CVE record
CVE.org
-
CVE-2025-68803 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-13T16:16:02.377Z and has not been modified since then.