CVE-2025-39927

CVSS v2.0

5.5

Medium

Vector

AV:L/AC:H/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the Ceph implementation within the Linux kernel related to validating the parent directory inode before applying state changes. Specifically, the issue arises when concurrent operations, such as rename operations, cause the r parent to become stale between the request initiation and reply processing. This can lead to state changes being applied to incorrect directory inodes. A related problem involves the incorrect handling of CEPH CAP PIN references when r parent is updated, leading to reference leaks and potential underflows. The fix involves adding validation to ensure the cached parent directory inode matches the directory information in MDS replies and correctly adjusting the CEPH CAP PIN reference when r parent is updated.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-911CWE-362

Related Identifiers

AZL-68001

AZL-71891

BDU:2026-03367

CVE-2025-39927

ECHO-362B-81E2-73A3

OESA-2026-1303

OESA-2026-1304

OESA-2026-1305

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Ceph

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-39927

Weakness Enumeration

Related Identifiers

Affected Products

References · 1968