CVE-2025-39927

01.10.2025, 08:15

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix race condition validating r_parent before applying state

Add validation to ensure the cached parent directory inode matches the
directory info in MDS replies. This prevents client-side race conditions
where concurrent operations (e.g. rename) cause r_parent to become stale
between request initiation and reply processing, which could lead to
applying state changes to incorrect directory inodes.

[ idryomov: folded a kerneldoc fixup and a follow-up fix from Alex to
move CEPH_CAP_PIN reference when r_parent is updated:

When the parent directory lock is not held, req->r_parent can become
stale and is updated to point to the correct inode. However, the
associated CEPH_CAP_PIN reference was not being adjusted. The
CEPH_CAP_PIN is a reference on an inode that is tracked for
accounting purposes. Moving this pin is important to keep the
accounting balanced. When the pin was not moved from the old parent
to the new one, it created two problems: The reference on the old,
stale parent was never released, causing a reference leak.
A reference for the new parent was never acquired, creating the risk
of a reference underflow later in ceph_mdsc_release_request(). This
patch corrects the logic by releasing the pin from the old parent and
acquiring it for the new parent when r_parent is switched. This
ensures reference accounting stays balanced. ]

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	vulnerable
bookworm (security)	vulnerable
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.16.12-2 fixed
sid	6.17.7-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

linux-hwe

plucky	dne
noble	dne
jammy	dne
bionic	ignored
xenial	needs-triage

linux-hwe-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-hwe-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-hwe-5.19

plucky	dne
noble	dne
jammy	ignored

linux-hwe-6.2

plucky	dne
noble	dne
jammy	ignored

linux-hwe-6.5

plucky	dne
noble	dne
jammy	ignored

linux-hwe-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-hwe-6.11

plucky	dne
noble	ignored
jammy	dne

linux-hwe-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-hwe-edge

plucky	dne
noble	dne
jammy	dne
bionic	ignored
xenial	ignored

linux-lts-xenial

plucky	dne
noble	dne
jammy	dne
trusty	needs-triage

linux-kvm

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-allwinner-5.19

plucky	dne
noble	dne
jammy	ignored

linux-aws

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

linux-aws-5.0

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-aws-5.3

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-aws-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-aws-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-aws-5.19

plucky	dne
noble	dne
jammy	ignored

linux-aws-6.2

plucky	dne
noble	dne
jammy	ignored

linux-aws-6.5

plucky	dne
noble	dne
jammy	ignored

linux-aws-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-aws-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-aws-hwe

plucky	dne
noble	dne
jammy	dne
xenial	needs-triage

linux-azure

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	ignored
xenial	needs-triage
trusty	needs-triage

linux-azure-4.15

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-azure-5.3

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-azure-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-azure-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-azure-5.19

plucky	dne
noble	dne
jammy	ignored

linux-azure-6.2

plucky	dne
noble	dne
jammy	ignored

linux-azure-6.5

plucky	dne
noble	dne
jammy	ignored

linux-azure-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-azure-6.11

plucky	dne
noble	ignored
jammy	dne

linux-azure-fde

plucky	needs-triage
noble	dne
jammy	needs-triage
focal	ignored

linux-azure-fde-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-azure-fde-5.19

plucky	dne
noble	dne
jammy	ignored

linux-azure-fde-6.2

plucky	dne
noble	dne
jammy	ignored

linux-azure-nvidia

plucky	dne
noble	needs-triage
jammy	dne

linux-bluefield

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-azure-edge

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-fips

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-aws-fips

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-azure-fips

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-gcp-fips

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-gcp

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	ignored
xenial	needs-triage

linux-gcp-4.15

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-gcp-5.3

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-gcp-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-gcp-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-gcp-5.19

plucky	dne
noble	dne
jammy	ignored

linux-gcp-6.2

plucky	dne
noble	dne
jammy	ignored

linux-gcp-6.5

plucky	dne
noble	dne
jammy	ignored

linux-gcp-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-gcp-6.11

plucky	dne
noble	ignored
jammy	dne

linux-gcp-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-gke

plucky	dne
noble	needs-triage
jammy	needs-triage
focal	ignored

linux-gke-4.15

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-gke-5.4

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-gke-5.15

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-gkeop

plucky	dne
noble	needs-triage
jammy	needs-triage
focal	ignored

linux-gkeop-5.4

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-gkeop-5.15

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-ibm

plucky	dne
noble	needs-triage
jammy	needs-triage
focal	needs-triage

linux-ibm-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-ibm-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-ibm-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-intel-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-intel-iotg

plucky	dne
noble	dne
jammy	needs-triage

linux-intel-iotg-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-iot

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-intel-iot-realtime

plucky	dne
noble	dne
jammy	needs-triage

linux-lowlatency

plucky	dne
noble	needs-triage
jammy	needs-triage

linux-lowlatency-hwe-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-lowlatency-hwe-5.19

plucky	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.2

plucky	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.5

plucky	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-lowlatency-hwe-6.11

plucky	dne
noble	ignored
jammy	dne

linux-nvidia

plucky	dne
noble	needs-triage
jammy	needs-triage

linux-nvidia-6.2

plucky	dne
noble	dne
jammy	ignored

linux-nvidia-6.5

plucky	dne
noble	dne
jammy	ignored

linux-nvidia-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-nvidia-6.11

plucky	dne
noble	needs-triage
jammy	dne

linux-nvidia-lowlatency

plucky	dne
noble	needs-triage
jammy	dne

linux-nvidia-tegra

plucky	dne
noble	needs-triage
jammy	needs-triage

linux-nvidia-tegra-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-nvidia-tegra-igx

plucky	dne
noble	dne
jammy	needs-triage

linux-oracle

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-oracle-5.0

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-oracle-5.3

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-oracle-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-oracle-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-oracle-6.5

plucky	dne
noble	dne
jammy	ignored

linux-oracle-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-oracle-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-oem

plucky	dne
noble	dne
jammy	dne
bionic	ignored

linux-oem-5.6

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.10

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.14

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.17

plucky	dne
noble	dne
jammy	ignored

linux-oem-6.0

plucky	dne
noble	dne
jammy	ignored

linux-oem-6.1

plucky	dne
noble	dne
jammy	ignored

linux-oem-6.5

plucky	dne
noble	dne
jammy	ignored

linux-oem-6.8

plucky	dne
noble	needs-triage
jammy	dne

linux-oem-6.11

plucky	dne
noble	needs-triage
jammy	dne

linux-oem-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-raspi

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage

linux-raspi2

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-raspi-5.4

plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-raspi-realtime

plucky	dne
noble	needs-triage
jammy	dne

linux-realtime

plucky	needs-triage
noble	needs-triage
jammy	needs-triage

linux-realtime-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-realtime-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-riscv

plucky	needs-triage
noble	ignored
jammy	ignored
focal	ignored

linux-riscv-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-riscv-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored

linux-riscv-5.15

plucky	dne
noble	dne
jammy	dne
focal	needs-triage

linux-riscv-5.19

plucky	dne
noble	dne
jammy	ignored

linux-riscv-6.5

plucky	dne
noble	dne
jammy	ignored

linux-riscv-6.8

plucky	dne
noble	dne
jammy	needs-triage

linux-riscv-6.14

plucky	dne
noble	needs-triage
jammy	dne

linux-starfive-5.19

plucky	dne
noble	dne
jammy	ignored

linux-starfive-6.2

plucky	dne
noble	dne
jammy	ignored

linux-starfive-6.5

plucky	dne
noble	dne
jammy	ignored

linux-xilinx-zynqmp

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und andere nicht näher spezifizierte Angriffe durchzuführen, möglicherweise um beliebigen Code auszuführen oder eine Speicherbeschädigung zu verursachen.
Published: 2025-09-30T22:00:00+00:00

References

https://git.kernel.org/stable/c/15f519e9f883b316d86e2bb6b767a023aafd9d83

https://git.kernel.org/stable/c/2bfe45987eb346e299d9f763f9cd05f77011519f

https://git.kernel.org/stable/c/db378e6f83ec705c6091c65d482d555edc2b0a72