CVE-2025-68811: Linux Kernel Buffer Overflow Vulnerability

CVE-2025-68811 is a buffer overflow vulnerability in the Linux kernel's svcrdma component that affects memory copy operations. This article covers the technical details, affected versions, and mitigation strategies.

CVE-2025-68811 Overview

A vulnerability has been identified in the Linux kernel's svcrdma (Service RDMA) subsystem where the svc_rdma_copy_inline_range function incorrectly uses the page index (rc_curpage) instead of the proper byte offset (rc_pageoff) when calculating the memory copy destination. This error causes data copies to land at incorrect memory locations within the page, potentially leading to memory corruption or data integrity issues in RDMA-based NFS services.

Critical Impact

Memory copy operations in the Linux kernel's RDMA service layer may write to incorrect offsets within memory pages, potentially causing data corruption or system instability in NFS-over-RDMA deployments.

Affected Products

  • Linux kernel (versions with vulnerable svcrdma implementation)
  • Systems running NFS-over-RDMA services
  • RDMA-enabled server deployments

Discovery Timeline

  • 2026-01-13 - CVE-2025-68811 published to NVD
  • 2026-01-13 - Last updated in NVD database

Technical Details for CVE-2025-68811

Vulnerability Analysis

This vulnerability stems from a programming error in the RDMA service layer of the Linux kernel. The svc_rdma_copy_inline_range function is responsible for copying inline data during RDMA operations. When calculating the destination offset for memory copy operations, the function erroneously added rc_curpage (which represents a page index value) to the page base address instead of using rc_pageoff (which contains the actual byte offset within the page).

This semantic confusion between page indexing and byte offsets causes memory copies to target incorrect locations. Depending on the values involved, this could result in writes outside the intended memory region within the page, leading to data corruption or potential memory safety issues.

The vulnerability was discovered by ZeroPath.

Root Cause

The root cause is an incorrect variable reference in the memory offset calculation. The code used rc_curpage (a page index counter) where rc_pageoff (a byte offset within the current page) was intended. This type of error represents a variable misuse pattern where semantically different values with similar naming conventions are confused.
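The index/offset mix-up described above, reduced to a user-space C model (an added example, not the kernel source or the vendor's code). The struct, the `buggy` switch, the 4096-byte page size and the helper names are assumptions; only `rc_curpage` and `rc_pageoff` come from the text. The model clamps bytes that would leave the page and counts them instead of writing them.

```c
#include <stdio.h>
#include <string.h>
#define PAGE_SZ 4096u /* assumed page size for this model */
#define NPAGES  4u

/* Hypothetical stand-in for the receive context; only the field names
 * rc_curpage and rc_pageoff are taken from the advisory. */
struct copy_ctx {
    unsigned char pages[NPAGES][PAGE_SZ];
    unsigned int rc_curpage; /* index of the page being filled */
    unsigned int rc_pageoff; /* byte offset within that page */
};

/* Append len bytes at the cursor. buggy=1 uses the page index as the in-page
 * offset, buggy=0 the byte offset. Returns bytes that would pass the page end
 * (clamped here, not written), or -1 when out of pages. */
static long copy_range(struct copy_ctx *c, const unsigned char *src, size_t len, int buggy) {
    long spilled = 0;
    while (len) {
        if (c->rc_curpage >= NPAGES) return -1;
        size_t room = PAGE_SZ - c->rc_pageoff;
        size_t n = len < room ? len : room;
        size_t dst_off = buggy ? c->rc_curpage : c->rc_pageoff;
        size_t fit = (PAGE_SZ - dst_off < n) ? PAGE_SZ - dst_off : n;
        memcpy(c->pages[c->rc_curpage] + dst_off, src, fit);
        spilled += (long)(n - fit);
        src += n; len -= n; c->rc_pageoff += (unsigned int)n;
        if (c->rc_pageoff == PAGE_SZ) { c->rc_curpage++; c->rc_pageoff = 0; }
    }
    return spilled;
}

static struct copy_ctx g;          /* scratch context shared by the demos */
static unsigned char buf[PAGE_SZ]; /* constructed payload */

/* Two 100-byte chunks into page 0: offset where the second one landed. */
static int second_chunk_offset(int buggy) {
    memset(&g, 0, sizeof g);
    memset(buf, 'A', 100); copy_range(&g, buf, 100, buggy);
    memset(buf, 'B', 100); copy_range(&g, buf, 100, buggy);
    return (int)((unsigned char *)memchr(g.pages[0], 'B', PAGE_SZ) - g.pages[0]);
}

/* One full-page copy with the cursor at the start of page 2. */
static long full_page_spill(int buggy) {
    memset(&g, 0, sizeof g); g.rc_curpage = 2;
    return copy_range(&g, buf, PAGE_SZ, buggy);
}

int main(void) {
    printf("2nd chunk offset: fixed=%d buggy=%d\n", second_chunk_offset(0), second_chunk_offset(1));
    printf("bytes past page end: fixed=%ld buggy=%ld\n", full_page_spill(0), full_page_spill(1));
}
```

With the index used as the offset, the second chunk lands at offset 0 and overwrites the first, and a full-page copy at page index 2 would run 2 bytes past the page.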

Attack Vector

The attack vector for this vulnerability is not fully characterized. Since it affects the RDMA service layer in the kernel, exploitation would require the ability to trigger specific RDMA operations that exercise the vulnerable svc_rdma_copy_inline_range code path. Systems running NFS-over-RDMA services would be potentially affected, though the severity depends on how the incorrect memory writes manifest in practice.

Detection Methods for CVE-2025-68811

Indicators of Compromise

  • Unexpected data corruption in NFS-over-RDMA operations
  • Kernel log messages indicating memory access anomalies in the svcrdma subsystem
  • Intermittent failures or data integrity issues in RDMA-based file transfers

Detection Strategies

  • Monitor kernel logs for svcrdma-related errors or warnings
  • Implement data integrity verification for NFS-over-RDMA transfers
  • Use kernel debugging tools to trace memory operations in the svcrdma subsystem
  • Deploy kernel integrity monitoring to detect unexpected behavior in RDMA operations

Monitoring Recommendations

  • Enable verbose logging for RDMA and NFS subsystems during incident investigation
  • Monitor system stability metrics on RDMA-enabled NFS servers
  • Implement file integrity monitoring on critical data served via NFS-over-RDMA
  • Review kernel crash dumps for svcrdma-related stack traces

How to Mitigate CVE-2025-68811

Immediate Actions Required

  • Apply the available kernel patches from the Linux stable tree
  • Consider temporarily disabling NFS-over-RDMA if patching is not immediately possible
  • Prioritize patching for production systems running RDMA-based NFS services
  • Monitor affected systems for signs of data corruption

Patch Information

The vulnerability has been addressed in the Linux kernel stable tree. The following commits contain the fix:

Apply the appropriate patch for your kernel version from the Linux kernel stable repository.

Workarounds

  • Disable NFS-over-RDMA and use traditional TCP-based NFS as a temporary measure
  • Limit RDMA service exposure to trusted networks only
  • Implement additional data validation for RDMA-transferred data at the application layer
  • Consider using alternative RDMA transport implementations if available
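
```bash
# Temporary workaround: Disable svcrdma module
# (svcrdma may be an alias of the rpcrdma module on your kernel; verify the module is no longer loaded)
sudo modprobe -r svcrdma
# Prevent automatic loading
echo "blacklist svcrdma" | sudo tee /etc/modprobe.d/disable-svcrdma.conf
```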

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.