nfs vulnerability

About this tag
The nfs vulnerability tag covers security flaws in Network File System implementations across bootloaders and operating systems. Threads discuss critical CVEs in Das U-Boot's NFS reply handling, including stack-based buffer overflows and unbounded memcpy operations that allow remote memory corruption and potential code execution during early boot. Additional content addresses a Linux kernel NFS server race condition (CVE-2025-38231) affecting Azure Linux and potentially other Microsoft products. A common theme is NFS parsing code that trusts attacker-controlled length fields, which leads to memory corruption. These issues affect embedded devices, development boards, and enterprise systems relying on NFS for network boot or file sharing.
  1. CVE-2019-14204: U-Boot NFS UDP Stack Overflow Explained

    Das U‑Boot contained a dangerous stack‑based buffer overflow in its NFS reply handling code — tracked as CVE‑2019‑14204 — that affects all upstream releases up through 2019.07 and can be triggered when a crafted NFS/UDP response is parsed by the bootloader’s nfs_handler helper...
  2. CVE-2019-14195: Unbounded memcpy in U-Boot NFS Readlink Vulnerability

    An overlooked parsing bug in Das U-Boot’s NFS reply handling — tracked as CVE-2019-14195 — allows an attacker who can control the NFS responses seen by a device to trigger an unbounded memcpy and corrupt U-Boot’s stack or heap, creating a realistic pathway to code execution during early boot...
  3. CVE-2019-14193: U-Boot NFS Readlink Bug Leads to Remote Memory Corruption

    The U‑Boot bootloader contains a critical NFS parsing bug that was assigned CVE‑2019‑14193: an unbounded memcpy in the nfs_readlink_reply handler that uses an attacker‑controlled length without validation, allowing remotely supplied NFS responses to trigger memory corruption and, in the worst...
  4. Azure Linux CVE-2025-38231: Patch Priority and Cross Product Risk

    Microsoft’s one-line MSRC attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate as a product-level inventory statement — but it is not a technical guarantee that no other Microsoft product can contain the same vulnerable NFS server...