RLSA-2026:3940

See a problem?
Please try reporting it to the source first.
Source
https://errata.rockylinux.org/RLSA-2026:3940
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2026:3940.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2026:3940
Upstream
Published
2026-03-10T12:04:10.709568Z
Modified
2026-03-23T04:52:38.339362Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Moderate: nfs-utils security update
Details

The nfs-utils packages provide a daemon for the kernel Network File System (NFS) server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs.

Security Fix(es):

  • nfs-utils: rpc.mountd in the nfs-utils privilege escalation (CVE-2025-12801)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:9 / nfs-utils

Package

Name
nfs-utils
Purl
pkg:rpm/rocky-linux/nfs-utils?distro=rocky-linux-9&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.5.4-38.el9_7.3
Database specific 
{
    "yum_repository": "BaseOS"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2026:3940.json"