CVE-2025-39697
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39697
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39697.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39697
- Downstream
- Related
- Published
- 2025-09-05T17:21:03.178Z
- Modified
- 2025-11-28T02:34:17.089536Z
- Summary
- NFS: Fix a race when updating an existing write
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix a race when updating an existing write
After nfslockandjoinrequests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfsinoderemoverequest() from succeeding until we actually lock the page group. The reason is that whoever called nfsinoderemoverequest() doesn't necessarily have a lock on the page group head.
So in order to avoid races, let's take the page group lock earlier in nfslockandjoinrequests(), and hold it across the removal of the request in nfsinoderemove_request().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39697.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0ff42a32784e0f2cb46a46da8e9f473538c13e1b
- https://git.kernel.org/stable/c/181feb41f0b268e6288bf9a7b984624d7fe2031d
- https://git.kernel.org/stable/c/202a3432d21ac060629a760fff3b0a39859da3ea
- https://git.kernel.org/stable/c/76d2e3890fb169168c73f2e4f8375c7cc24a765e
- https://git.kernel.org/stable/c/92278ae36935a54e65fef9f8ea8efe7e80481ace
- https://git.kernel.org/stable/c/c32e3c71aaa1c1ba05da88605e2ddd493c58794f
- https://git.kernel.org/stable/c/f230d40147cc37eb3aef4d50e2e2c06ea73d9a77
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39697.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-39697
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbd37d6fce184836bd5e7cd90ce40116a4fadaf2aFixed0ff42a32784e0f2cb46a46da8e9f473538c13e1bFixedf230d40147cc37eb3aef4d50e2e2c06ea73d9a77Fixedc32e3c71aaa1c1ba05da88605e2ddd493c58794fFixed181feb41f0b268e6288bf9a7b984624d7fe2031dFixed92278ae36935a54e65fef9f8ea8efe7e80481aceFixed202a3432d21ac060629a760fff3b0a39859da3eaFixed76d2e3890fb169168c73f2e4f8375c7cc24a765e
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.14.0Fixed5.10.242
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.191
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.150
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.104
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.44
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.16.4