CVE-2025-39697
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock the page group. The reason is that whoever called nfs_inode_remove_request() doesn't necessarily have a lock on the page group head. So in order to avoid races, let's take the page group lock earlier in nfs_lock_and_join_requests(), and hold it across the removal of the request in nfs_inode_remove_request().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-39697
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.1.153-1
linux linux_kernel 5.10.244-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in the Linux kernel's NFS (Network File System) implementation. Specifically, it occurs when updating an existing write request. The function nfs_lock_and_join_requests() checks if a request is still attached to the mapping, but there is a window where another function, nfs_inode_remove_request(), can remove the request before the page group is locked. This happens because the caller of nfs_inode_remove_request() may not hold the lock on the page group head, leading to a race condition. The fix involves taking the page group lock earlier and holding it during the removal of the request to prevent this race.

Impact Analysis

This race condition could lead to inconsistent or corrupted data when multiple write requests are processed concurrently in the NFS subsystem of the Linux kernel. It may cause data integrity issues or unexpected behavior in file operations over NFS, potentially impacting system stability or data reliability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39697. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart