CVE-2025-39730

Advisory lineage Upstream: 0 Downstream: 65

Downstream

DEBIAN-CVE-2025-39730 DLA-4327-1 DLA-4328-1 MGASA-2025-0234 MGASA-2025-0235 OPENSUSE-SU-2025:20081-1

Analyzed

Published: 07 Sept 2025, 15:16

Last modified:11 May 2026, 21:35

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.03% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Sept 2025, 15:16

Published

Vulnerability first disclosed

11 May 2026, 21:35

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Affected Systems

debian•debian_linux
11.0
linux•linux
≥ 20fa19027286983ab2734b5910c4a687436e0c31, < 7f8eca87fef7519e9c41f3258f25ebc2752247ee | ≥ 20fa19027286983ab2734b5910c4a687436e0c31, < cb09afa0948d96b1e385d609ed044bb1aa043536 | ≥ 20fa19027286983ab2734b5910c4a687436e0c31, < 3570ef5c31314c13274c935a20b91768ab5bf412 | ≥ 20fa19027286983ab2734b5910c4a687436e0c31, < 763810bb883cb4de412a72f338d80947d97df67b | ≥ 20fa19027286983ab2734b5910c4a687436e0c31, < 12ad3def2e5e0b120e3d0cb6ce8b7b796819ad40 | ≥ 20fa19027286983ab2734b5910c4a687436e0c31, < 2ad40b7992aa26bc631afc1a995b0e3ddc30de3f | ≥ 20fa19027286983ab2734b5910c4a687436e0c31, < b7f7866932466332a2528fda099000b035303485 | ≥ 20fa19027286983ab2734b5910c4a687436e0c31, < 7dd36f7477d1e03a1fcf8d13531ca326c4fb599f | ≥ 20fa19027286983ab2734b5910c4a687436e0c31, < ef93a685e01a281b5e2a25ce4e3428cf9371a205 | 4.13
linux•linux_kernel
≥ 4.13, < 5.4.297 | ≥ 5.5, < 5.10.241 | ≥ 5.11, < 5.15.190 | ≥ 5.16, < 6.1.148 | ≥ 6.2, < 6.6.102 | ≥ 6.7, < 6.12.42 | ≥ 6.13, < 6.15.10 | ≥ 6.16, < 6.16.1