CVE-2025-40039 ksmbd: Fix race condition in RPC handle list access

🗓️ 28 Oct 2025 11:48:19Reported by GoogleType

osv

osv🔗 osv.dev👁 3 Views

ksmbd fixes race in RPC handle list by using write locks for changes and read locks for lookups.

Reporter	Title	Published	Views	Family All 227
ATTACKERKB	CVE-2025-40039	28 Oct 202511:48	–	attackerkb
AstraLinux	Astra Linux - уязвимость в linux-5.10	20 May 202605:53	–	astralinux
Circl	CVE-2025-40039	19 Mar 202600:00	–	circl
CNNVD	Linux kernel 安全漏洞	28 Oct 202500:00	–	cnnvd
CVE	CVE-2025-40039	28 Oct 202511:48	–	cve
Cvelist	CVE-2025-40039 ksmbd: Fix race condition in RPC handle list access	28 Oct 202511:48	–	cvelist
Debian	[SECURITY] [DLA 4476-1] linux-6.1 security update	11 Feb 202612:48	–	debian
Debian	[SECURITY] [DSA 6127-1] linux security update	9 Feb 202619:19	–	debian
Debian CVE	CVE-2025-40039	28 Oct 202511:48	–	debiancve
Tenable Nessus	Debian dla-4476 : linux-config-6.1 - security update	11 Feb 202600:00	–	nessus

Source	Link
git	www.git.kernel.org/stable/c/305853cce379407090a73b38c5de5ba748893aee
git	www.git.kernel.org/stable/c/5cc679ba0f4505936124cd4179ba66bb0a4bd9f3
git	www.git.kernel.org/stable/c/69674b029002b1d90b655f014bdf64f404efa54d
git	www.git.kernel.org/stable/c/6b615a8fb3af0baf8126cde3d4fee97d57222ffc
git	www.git.kernel.org/stable/c/6bd7e0e55dcea2cf0d391bbc21c2eb069b4be3e1
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40039.json
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-40039
git	www.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

02 Apr 2026 12:48Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.14.7

EPSS0.0002

race condition rpc handle list ksmbd session xarray write lock read lock concurrency control