{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68349","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T14:48:05.300Z","datePublished":"2025-12-24T10:32:41.253Z","dateUpdated":"2026-05-11T21:51:28.834Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:51:28.834Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid\n\nFixes a crash when layout is null during this call stack:\n\nwrite_inode\n    -> nfs4_write_inode\n        -> pnfs_layoutcommit_inode\n\npnfs_set_layoutcommit relies on the lseg refcount to keep the layout\naround. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt\nto reference a null layout."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nfs/pnfs.c"],"versions":[{"version":"fe1cf9469d7bcb6af27e42eb555a41b0135bce4a","lessThan":"084bebe82ad86f718a3af84f34761863e63164ed","status":"affected","versionType":"git"},{"version":"fe1cf9469d7bcb6af27e42eb555a41b0135bce4a","lessThan":"b6e4e3a08c03200cc4b8067ec8ab3172a989d6fc","status":"affected","versionType":"git"},{"version":"fe1cf9469d7bcb6af27e42eb555a41b0135bce4a","lessThan":"104080582ae0aa6dce6c6d75ff89062efe84673b","status":"affected","versionType":"git"},{"version":"fe1cf9469d7bcb6af27e42eb555a41b0135bce4a","lessThan":"f718f9ea6094843b8c059b073af49ad61e9f49bb","status":"affected","versionType":"git"},{"version":"fe1cf9469d7bcb6af27e42eb555a41b0135bce4a","lessThan":"59947dff0fb7c19c09ce6dccbcd253fd542b6c25","status":"affected","versionType":"git"},{"version":"fe1cf9469d7bcb6af27e42eb555a41b0135bce4a","lessThan":"ca2e7fdad7c683b64821c94a58b9b68733214dad","status":"affected","versionType":"git"},{"version":"fe1cf9469d7bcb6af27e42eb555a41b0135bce4a","lessThan":"38694f9aae00459ab443a7dc8b3949a6b33b560a","status":"affected","versionType":"git"},{"version":"fe1cf9469d7bcb6af27e42eb555a41b0135bce4a","lessThan":"e0f8058f2cb56de0b7572f51cd563ca5debce746","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nfs/pnfs.c"],"versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.63","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.13","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18.2","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.12.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.17.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.18.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/084bebe82ad86f718a3af84f34761863e63164ed"},{"url":"https://git.kernel.org/stable/c/b6e4e3a08c03200cc4b8067ec8ab3172a989d6fc"},{"url":"https://git.kernel.org/stable/c/104080582ae0aa6dce6c6d75ff89062efe84673b"},{"url":"https://git.kernel.org/stable/c/f718f9ea6094843b8c059b073af49ad61e9f49bb"},{"url":"https://git.kernel.org/stable/c/59947dff0fb7c19c09ce6dccbcd253fd542b6c25"},{"url":"https://git.kernel.org/stable/c/ca2e7fdad7c683b64821c94a58b9b68733214dad"},{"url":"https://git.kernel.org/stable/c/38694f9aae00459ab443a7dc8b3949a6b33b560a"},{"url":"https://git.kernel.org/stable/c/e0f8058f2cb56de0b7572f51cd563ca5debce746"}],"title":"NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid","x_generator":{"engine":"bippy-1.2.0"}}}}