CVE-2025-68243

Linux Kernel - TLS Certificate Validation Bypass in NFS Client Identity Check

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client() If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the client's identity, as presented to the server.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/b8fa37219074811c04d4ecb742c73e2b296da6a8

Patch

https://git.kernel.org/stable/c/fb2cba0854a7f315c8100a807a6959b99d72479e

Scores

EPSS 0.0002

EPSS Percentile 4.7%

Details

Status published

Products (7)

linux/Kernel 6.17.0 - 6.17.9linux

Linux/Linux < 6.17

Linux/Linux 6.17

Linux/Linux 6.17.9 - 6.17.*

Linux/Linux 6.18

Linux/Linux 90c9550a8d65fb9b1bf87baf97a04ed91bf61b33 - b8fa37219074811c04d4ecb742c73e2b296da6a8

Linux/Linux 90c9550a8d65fb9b1bf87baf97a04ed91bf61b33 - fb2cba0854a7f315c8100a807a6959b99d72479e

Published Dec 16, 2025

Tracked Since Feb 18, 2026