-

CVE-2025-39697

EPSS 0.05%
Veröffentlicht 05.09.2025 17:21:03
Zuletzt bearbeitet 03.11.2025 18:16:41
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix a race when updating an existing write

After nfs_lock_and_join_requests() tests for whether the request is
still attached to the mapping, nothing prevents a call to
nfs_inode_remove_request() from succeeding until we actually lock the
page group.
The reason is that whoever called nfs_inode_remove_request() doesn't
necessarily have a lock on the page group head.

So in order to avoid races, let's take the page group lock earlier in
nfs_lock_and_join_requests(), and hold it across the removal of the
request in nfs_inode_remove_request().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 0ff42a32784e0f2cb46a46da8e9f473538c13e1b

Version bd37d6fce184836bd5e7cd90ce40116a4fadaf2a

Status affected

Version < f230d40147cc37eb3aef4d50e2e2c06ea73d9a77

Version bd37d6fce184836bd5e7cd90ce40116a4fadaf2a

Status affected

Version < c32e3c71aaa1c1ba05da88605e2ddd493c58794f

Version bd37d6fce184836bd5e7cd90ce40116a4fadaf2a

Status affected

Version < 181feb41f0b268e6288bf9a7b984624d7fe2031d

Version bd37d6fce184836bd5e7cd90ce40116a4fadaf2a

Status affected

Version < 92278ae36935a54e65fef9f8ea8efe7e80481ace

Version bd37d6fce184836bd5e7cd90ce40116a4fadaf2a

Status affected

Version < 202a3432d21ac060629a760fff3b0a39859da3ea

Version bd37d6fce184836bd5e7cd90ce40116a4fadaf2a

Status affected

Version < 76d2e3890fb169168c73f2e4f8375c7cc24a765e

Version bd37d6fce184836bd5e7cd90ce40116a4fadaf2a

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.14

Status affected

Version < 4.14

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.242

Status unaffected

Version <= 5.15.*

Version 5.15.191

Status unaffected

Version <= 6.1.*

Version 6.1.150

Status unaffected

Version <= 6.6.*

Version 6.6.104

Status unaffected

Version <= 6.12.*

Version 6.12.44

Status unaffected

Version <= 6.16.*

Version 6.16.4

Status unaffected

Version <= *

Version 6.17

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.152

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/92278ae36935a54e65fef9f8ea8efe7e80481ace

https://git.kernel.org/stable/c/202a3432d21ac060629a760fff3b0a39859da3ea

https://git.kernel.org/stable/c/76d2e3890fb169168c73f2e4f8375c7cc24a765e

https://git.kernel.org/stable/c/0ff42a32784e0f2cb46a46da8e9f473538c13e1b

https://git.kernel.org/stable/c/181feb41f0b268e6288bf9a7b984624d7fe2031d

https://git.kernel.org/stable/c/c32e3c71aaa1c1ba05da88605e2ddd493c58794f

https://git.kernel.org/stable/c/f230d40147cc37eb3aef4d50e2e2c06ea73d9a77

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

https://nvd.nist.gov/vuln/detail/CVE-2025-39697

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39697

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39697

EUVD