AZL-78383

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78383.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-78383

Upstream

CVE-2025-40039

Published

2025-10-28T12:15:37Z

Modified

2026-04-01T05:23:14.384692Z

Summary

CVE-2025-40039 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Fix race condition in RPC handle list access

The 'sess->rpchandlelist' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess->rpclock' (an rwsemaphore). However, the locking implementation was flawed, leading to potential race conditions.

In ksmbdsessionrpcopen(), the code incorrectly acquired only a read lock before calling xastore() and xa_erase(). Since these operations modify the XArray structure, a write lock is required to ensure exclusive access and prevent data corruption from concurrent modifications.

Furthermore, ksmbdsessionrpcmethod() accessed the list using xaload() without holding any lock at all. This could lead to reading inconsistent data or a potential use-after-free if an entry is concurrently removed and the pointer is dereferenced.

Fix these issues by: 1. Using downwrite() and upwrite() in ksmbdsessionrpcopen() to ensure exclusive access during XArray modification, and ensuring the lock is correctly released on error paths. 2. Adding downread() and upread() in ksmbdsessionrpcmethod() to safely protect the lookup.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40039

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78383.json"