CVE-2025-40039Race Condition in Linux

CWE-362Race Condition16 documents8 sources
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 95.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
LinuxLinux KernelDebian Linux+5 more
Timeline
PublishedOct 28
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix race condition in RPC handle list access The 'sess->rpc_handle_list' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess->rpc_lock' (an rw_semaphore). However, the locking implementation was flawed, leading to potential race conditions. In ksmbd_session_rpc_open(), the code incorrectly acquired only a read lock before calling xa_store() and xa_erase(). Since t

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages10 packages

NVDlinux/linux_kernel5.15.1455.16+4
Debianlinux/linux_kernel< 6.1.162-1+2
Ubuntulinux/linux_kernel< 6.17.0-14.14
CVEListV5linux/linuxa4348710a7267705b75692dc1a000920481d1d9269674b029002b1d90b655f014bdf64f404efa54d+7

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

7
OSV
linux-azure vulnerabilities2026-02-24
OSV
linux-oem-6.17 vulnerabilities2026-02-17
OSV
linux-aws, linux-oracle vulnerabilities2026-02-17
OSV
linux-gcp vulnerabilities2026-02-12
OSV
linux, linux-raspi, linux-realtime vulnerabilities2026-02-12

📋Vendor Advisories

7
Ubuntu
Linux kernel (Azure) vulnerabilities2026-02-24
Ubuntu
Linux kernel (OEM) vulnerabilities2026-02-17
Ubuntu
Linux kernel (GCP) vulnerabilities2026-02-12
Ubuntu
Linux kernel vulnerabilities2026-02-12
Red Hat
kernel: ksmbd: Fix race condition in RPC handle list access2025-10-28

🕵️Threat Intelligence

1
Hackernews
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories2026-04-09