CVE-2025-40210

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/11/2025
Last modified:
21/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND"

I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang indefinitely. I've dug into it a little, but I haven't been able to root-cause it yet. However, I bisected to commit 48aab1606fa8 ("NFSD: Remove the cap on number of operations per NFSv4 COMPOUND").

Tianshuo Han also reports a potential vulnerability when decoding an NFSv4 COMPOUND. An attacker can place an arbitrarily large op count in the COMPOUND header, which results in:

    [ 51.410584] nfsd: vmalloc error: size 1209533382144, exceeds total
    pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO),
    nodemask=(null),cpuset=/,mems_allowed=0

when NFSD attempts to allocate the COMPOUND op array.

Let's restore the operation-per-COMPOUND limit, but increased to 200 for now.
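
The following user-space C example is added here and is not the kernel's code or part of the commit: it decodes the COMPOUND header fields (tag, minorversion, op count) from an XDR buffer and refuses an oversized count before the op array is allocated. The limit of 200 comes from the description above; the function names, return codes and the extra remaining-bytes check are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>

#define MAX_OPS_PER_COMPOUND 200u   /* the limit named in the commit message */
struct op_slot { uint32_t opnum; }; /* hypothetical stand-in for per-op state */

/* Read one big-endian XDR uint32 and advance; -1 if the buffer is short. */
static int xdr_u32(const uint8_t **p, const uint8_t *end, uint32_t *out)
{
    if ((size_t)(end - *p) < 4)
        return -1;
    *out = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
           ((uint32_t)(*p)[2] << 8) | (uint32_t)(*p)[3];
    *p += 4;
    return 0;
}

/* Decode tag, minorversion and op count; allocate only after the count is
 * validated. Returns 0 ok, -1 malformed or out of memory, -2 count refused. */
int decode_compound_header(const uint8_t *buf, size_t len,
                           uint32_t *opcnt, struct op_slot **ops)
{
    const uint8_t *p = buf, *end = buf + len;
    uint32_t taglen, minor; size_t padded;
    *ops = NULL;
    if (xdr_u32(&p, end, &taglen))
        return -1;
    padded = ((size_t)taglen + 3) & ~(size_t)3;  /* XDR opaque pads to 4 bytes */
    if (padded > (size_t)(end - p))
        return -1;
    p += padded;
    if (xdr_u32(&p, end, &minor) || xdr_u32(&p, end, opcnt))
        return -1;
    if (*opcnt > MAX_OPS_PER_COMPOUND)       /* fixed cap, checked first */
        return -2;
    if (*opcnt > (size_t)(end - p) / 4)      /* extra: every op has a 4-byte opcode */
        return -2;
    *ops = calloc(*opcnt ? *opcnt : 1, sizeof(**ops));
    return *ops ? 0 : -1;
}

int main(void)
{
    /* Constructed input: empty tag, minorversion 0, op count 0xFFFFFFFF, no ops. */
    const uint8_t hostile[] = { 0,0,0,0, 0,0,0,0, 0xff,0xff,0xff,0xff };
    uint32_t n; struct op_slot *ops;
    return decode_compound_header(hostile, sizeof hostile, &n, &ops) == -2 ? 0 : 1;
}
```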

Impact