CVE-2025-40039

EPSS 0.02%
Veröffentlicht 28.10.2025 11:48:19
Zuletzt bearbeitet 30.10.2025 15:05:32
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Fix race condition in RPC handle list access

The 'sess->rpc_handle_list' XArray manages RPC handles within a ksmbd
session. Access to this list is intended to be protected by
'sess->rpc_lock' (an rw_semaphore). However, the locking implementation was
flawed, leading to potential race conditions.

In ksmbd_session_rpc_open(), the code incorrectly acquired only a read lock
before calling xa_store() and xa_erase(). Since these operations modify
the XArray structure, a write lock is required to ensure exclusive access
and prevent data corruption from concurrent modifications.

Furthermore, ksmbd_session_rpc_method() accessed the list using xa_load()
without holding any lock at all. This could lead to reading inconsistent
data or a potential use-after-free if an entry is concurrently removed and
the pointer is dereferenced.

Fix these issues by:
1. Using down_write() and up_write() in ksmbd_session_rpc_open()
   to ensure exclusive access during XArray modification, and ensuring
   the lock is correctly released on error paths.
2. Adding down_read() and up_read() in ksmbd_session_rpc_method()
   to safely protect the lookup.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 5cc679ba0f4505936124cd4179ba66bb0a4bd9f3

Version b685757c7b08d5073046fb379be965fd6c06aafc

Status affected

Version < 6bd7e0e55dcea2cf0d391bbc21c2eb069b4be3e1

Version b685757c7b08d5073046fb379be965fd6c06aafc

Status affected

Version < 305853cce379407090a73b38c5de5ba748893aee

Version b685757c7b08d5073046fb379be965fd6c06aafc

Status affected

Version 1f485b54d04a920723984062c912174330a05178

Status affected

Version 052b41ef2abe274f068e892aee81406f11bd1f3a

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.3

Status affected

Version < 6.3

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.53

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/5cc679ba0f4505936124cd4179ba66bb0a4bd9f3

https://git.kernel.org/stable/c/6bd7e0e55dcea2cf0d391bbc21c2eb069b4be3e1

https://git.kernel.org/stable/c/305853cce379407090a73b38c5de5ba748893aee

https://nvd.nist.gov/vuln/detail/CVE-2025-40039

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40039

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40039

EUVD