VYPR
Medium severity4.7NVD Advisory· Published Sep 5, 2025· Updated May 12, 2026

CVE-2025-39697

CVE-2025-39697

Description

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix a race when updating an existing write

After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock the page group. The reason is that whoever called nfs_inode_remove_request() doesn't necessarily have a lock on the page group head.

So in order to avoid races, let's take the page group lock earlier in nfs_lock_and_join_requests(), and hold it across the removal of the request in nfs_inode_remove_request().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

151

Patches

Vulnerability mechanics

References

11

News mentions

1