CVE-2025-68242
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/12/2025
Last modified: 16/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix LTP test failures when timestamps are delegated

The utimes01 and utime06 tests fail when delegated timestamps are
enabled, specifically in subtests that modify the atime and mtime
fields using the 'nobody' user ID.

The problem can be reproduced as follows:

    # echo "/media *(rw,no_root_squash,sync)" >> /etc/exports
    # exportfs -ra
    # mount -o rw,nfsvers=4.2 127.0.0.1:/media /tmpdir
    # cd /opt/ltp
    # ./runltp -d /tmpdir -s utimes01
    # ./runltp -d /tmpdir -s utime06

This issue occurs because nfs_setattr does not verify the inode's
UID against the caller's fsuid when delegated timestamps are
permitted for the inode.

This patch adds the UID check and if it does not match then the
request is sent to the server for permission checking.
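
A user-space check for the behaviour described above, as an added example that is not part of the kernel patch or LTP: it tries to set explicit atime/mtime on a file as the 'nobody' user and reports whether the request is refused with EPERM, which is the POSIX result for a caller who is neither the owner nor privileged. The function name set_times_as and the 200 sentinel are hypothetical; it assumes it is run as root against a root-owned file on the NFS mount.

```c
/* Added example: not code from the kernel patch or from LTP. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Try to set explicit atime/mtime on path as uid, in a child process.
 * Returns 0 on success, the errno from utimensat() on failure,
 * 200 (hypothetical sentinel) if the uid switch failed, -1 on fork/wait failure. */
int set_times_as(const char *path, uid_t uid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Explicit (non-NOW) times: only the owner or a privileged caller may set them. */
        struct timespec ts[2] = { { 1000000000, 0 }, { 1000000000, 0 } };
        if (uid != geteuid() && setuid(uid) != 0)
            _exit(200);
        _exit(utimensat(AT_FDCWD, path, ts, 0) == 0 ? 0 : errno);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    struct passwd *pw = getpwnam("nobody");
    if (argc != 2 || !pw) {
        fprintf(stderr, "usage: %s <root-owned file on the NFS mount>\n", argv[0]);
        return 2;
    }
    int rc = set_times_as(argv[1], pw->pw_uid);
    /* A non-owner without privilege must be refused with EPERM. */
    printf("%s: utimensat as nobody -> %s\n", argv[1],
           rc == EPERM ? "EPERM (expected)" :
           rc == 0 ? "allowed (UID check missing)" : "other error");
    return rc == EPERM ? 0 : 1;
}
```

An exit status of 0 means the timestamp change was refused as expected; 1 means it was applied or failed for another reason.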



