Homepage

CVE-2025-68242 Affecting kernel-uek-doc package, versions <0:6.12.0-107.59.3.2.el9uek

Severity

 Recommended
high

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.03% (7th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE9-KERNELUEKDOC-15008317
  • published16 Jan 2026
  • disclosed16 Dec 2025
Report a new vulnerability Found a mistake?

Introduced: 16 Dec 2025

CVE-2025-68242  (opens in a new tab)

How to fix?

Upgrade Oracle:9 kernel-uek-doc to version 0:6.12.0-107.59.3.2.el9uek or higher.
This issue was patched in ELSA-2026-50006.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-uek-doc package and not the kernel-uek-doc package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix LTP test failures when timestamps are delegated

The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID.

The problem can be reproduced as follow:

echo "/media *(rw,no_root_squash,sync)" >> /etc/exports

export -ra

mount -o rw,nfsvers=4.2 127.0.0.1:/media /tmpdir

cd /opt/ltp

./runltp -d /tmpdir -s utimes01

./runltp -d /tmpdir -s utime06

This issue occurs because nfs_setattr does not verify the inode's UID against the caller's fsuid when delegated timestamps are permitted for the inode.

This patch adds the UID check and if it does not match then the request is sent to the server for permission checking.

CVSS Base Scores

version 3.1