PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-68803 Linux CVE debrief

A Linux kernel vulnerability CVE-2025-68803 was found in the NFSv4 file creation process. The issue occurs when an NFSv4 client sets an ACL with a named principal during file creation, but the ACL is not applied to the inode. This vulnerability violates RFC 8881 section 6.4.1.3. The vulnerability has a high defensive priority and requires immediate attention from system administrators and users of Linux kernel-based systems who use NFSv4 protocol for file sharing.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-13
Original CVE updated
2026-07-14
Advisory published
2026-01-13
Advisory updated
2026-07-14

Who should care

System administrators and users of Linux kernel-based systems who use NFSv4 protocol for file sharing should be aware of this vulnerability. They should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance. They should also plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.

Technical summary

The vulnerability is caused by the nfsd_create_setattr() function calling nfsd_attrs_valid() to determine whether to call nfsd_setattr(). However, nfsd_attrs_valid() checks only for iattr changes and security labels, but not POSIX ACLs. When only an ACL is present, the function returns false, nfsd_setattr() is skipped, and the POSIX ACL is never applied to the inode. The fix involves modifying the nfsd_create_setattr() function to properly handle POSIX ACLs.

Defensive priority

High

Recommended defensive actions

  • Apply the patch provided by the Linux kernel maintainers
  • Verify and update the Linux kernel to the latest version
  • Monitor NFSv4 file creation and ACL settings
  • Implement compensating controls to ensure ACLs are properly applied
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The vulnerability was resolved by the Linux kernel maintainers. The fix involves modifying the nfsd_create_setattr() function to properly handle POSIX ACLs. Evidence of the fix can be found in the official Linux kernel repository. The vulnerability was made public on 2026-01-13T16:16:02.377Z. Defenders should verify the patch and update their Linux kernel to the latest version. Additional information can be found in the CVE record and NVD detail.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-13T16:16:02.377Z and has not been modified since then.