CVE-2025-39825Race Condition in Linux

CWE-362Race ConditionCWE-366Race Condition within a Thread16 documents8 sources
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 97.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 16
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix race with concurrent opens in rename(2) Besides sending the rename request to the server, the rename process also involves closing any deferred close, waiting for outstanding I/O to complete as well as marking all existing open handles as deleted to prevent them from deferring closes, which increases the race window for potential concurrent opens on the target file. Fix this by unhashing the dentry in advance

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel5.136.1.150+4
Debianlinux/linux_kernel< 6.1.153-1+2
CVEListV5linux/linux78c09634f7dc061a3bd09704cdbebb3762a45cdfc9e7de284da0be5b44dbe79d71573f9f7f9b144c+5

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
CVEList
smb: client: fix race with concurrent opens in rename(2)2025-09-16
GHSA
GHSA-3f3q-q5cj-phc5: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix race with concurrent opens in rename(2) Besides sending the ren2025-09-16
OSV
CVE-2025-39825: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix race with concurrent opens in rename(2) Besides sending the renam2025-09-16

📋Vendor Advisories

12
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (AWS) vulnerabilities2026-03-23
CVE-2025-39825 — Race Condition in Linux | cvebase