CVE-2025-68809

EPSS 0.02%
Veröffentlicht 13.01.2026 15:29:15
Zuletzt bearbeitet 14.01.2026 16:26:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: vfs: fix race on m_flags in vfs_cache

ksmbd maintains delete-on-close and pending-delete state in
ksmbd_inode->m_flags. In vfs_cache.c this field is accessed under
inconsistent locking: some paths read and modify m_flags under
ci->m_lock while others do so without taking the lock at all.

Examples:

 - ksmbd_query_inode_status() and __ksmbd_inode_close() use
   ci->m_lock when checking or updating m_flags.
 - ksmbd_inode_pending_delete(), ksmbd_set_inode_pending_delete(),
   ksmbd_clear_inode_pending_delete() and ksmbd_fd_set_delete_on_close()
   used to read and modify m_flags without ci->m_lock.

This creates a potential data race on m_flags when multiple threads
open, close and delete the same file concurrently. In the worst case
delete-on-close and pending-delete bits can be lost or observed in an
inconsistent state, leading to confusing delete semantics (files that
stay on disk after delete-on-close, or files that disappear while still
in use).

Fix it by:

 - Making ksmbd_query_inode_status() look at m_flags under ci->m_lock
   after dropping inode_hash_lock.
 - Adding ci->m_lock protection to all helpers that read or modify
   m_flags (ksmbd_inode_pending_delete(), ksmbd_set_inode_pending_delete(),
   ksmbd_clear_inode_pending_delete(), ksmbd_fd_set_delete_on_close()).
 - Keeping the existing ci->m_lock protection in __ksmbd_inode_close(),
   and moving the actual unlink/xattr removal outside the lock.

This unifies the locking around m_flags and removes the data race while
preserving the existing delete-on-close behaviour.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 5adad9727a815c26013b0d41cfee92ffa7d4037c

Version f44158485826c076335d6860d35872271a83791d

Status affected

Version < ccc78781041589ea383e61d5d7a1e9a31b210b93

Version f44158485826c076335d6860d35872271a83791d

Status affected

Version < ee63729760f5b61a66f345c54dc4c7514e62383d

Version f44158485826c076335d6860d35872271a83791d

Status affected

Version < 991f8a79db99b14c48d20d2052c82d65b9186cad

Version f44158485826c076335d6860d35872271a83791d

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.3

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/5adad9727a815c26013b0d41cfee92ffa7d4037c

https://git.kernel.org/stable/c/ccc78781041589ea383e61d5d7a1e9a31b210b93

https://git.kernel.org/stable/c/ee63729760f5b61a66f345c54dc4c7514e62383d

https://git.kernel.org/stable/c/991f8a79db99b14c48d20d2052c82d65b9186cad

https://nvd.nist.gov/vuln/detail/CVE-2025-68809

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68809

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68809

EUVD