CVE-2025-39927
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-12-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating r_parent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent operations (e.g. rename) cause r_parent to become stale between request initiation and reply processing, which could lead to applying state changes to incorrect directory inodes. [ idryomov: folded a kerneldoc fixup and a follow-up fix from Alex to move CEPH_CAP_PIN reference when r_parent is updated: When the parent directory lock is not held, req->r_parent can become stale and is updated to point to the correct inode. However, the associated CEPH_CAP_PIN reference was not being adjusted. The CEPH_CAP_PIN is a reference on an inode that is tracked for accounting purposes. Moving this pin is important to keep the accounting balanced. When the pin was not moved from the old parent to the new one, it created two problems: The reference on the old, stale parent was never released, causing a reference leak. A reference for the new parent was never acquired, creating the risk of a reference underflow later in ceph_mdsc_release_request(). This patch corrects the logic by releasing the pin from the old parent and acquiring it for the new parent when r_parent is switched. This ensures reference accounting stays balanced. ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-12-10
Generated
2026-05-06
AI Q&A
2025-10-01
EPSS Evaluated
2026-05-05
NVD
CVE-2025-39927
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 2.6.35 (inc) to 6.12.48 (exc)
linux linux_kernel From 6.13 (inc) to 6.16.8 (exc)
linux linux_kernel 2.6.34
linux linux_kernel 2.6.34
linux linux_kernel 2.6.34
linux linux_kernel 2.6.34
linux linux_kernel 2.6.34
linux linux_kernel 2.6.34
linux linux_kernel 2.6.34
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a race condition in the Linux kernel's Ceph filesystem client. It occurs when validating the cached parent directory inode (r_parent) before applying state changes. Due to concurrent operations like rename, r_parent can become stale between the start of a request and the processing of its reply. This can cause state changes to be applied to the wrong directory inode. Additionally, there was an issue with reference accounting where a CEPH_CAP_PIN reference was not properly moved when r_parent was updated, leading to reference leaks and potential underflows.


How can this vulnerability impact me? :

The vulnerability can cause incorrect state changes to be applied to directory inodes, potentially leading to filesystem inconsistencies or corruption. The reference accounting issue can cause resource leaks or underflows, which might affect system stability or performance when using the Ceph filesystem client in the Linux kernel.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart