CVE-2025-40027: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-40027 is a vulnerability discovered in the Linux kernel affecting the 9p filesystem client. The issue was identified and disclosed on October 28, 2025, impacting various Linux kernel versions including 5.10.x through 6.17.x series (NVD, Debian Tracker).

The vulnerability stems from a race condition in the Linux kernel's 9p filesystem client where a double request removal (reqlist deletion) could occur in the p9fdcancelled function. The issue manifests when there's concurrent execution between the 9p client sending an invalid flush request and cleanup, and the p9read_work() function canceling all pending requests. This race condition could lead to a general protection fault and potential memory corruption, as evidenced by KASAN reports (NVD).

The vulnerability could result in memory corruption and system crashes in systems utilizing the 9p filesystem client. This affects various Linux distributions including Debian Bookworm, Trixie, and Sid versions (Debian Tracker).

The issue has been patched in various Linux distributions. Debian Bookworm has been fixed in version 6.1.158-1, and Sid in version 6.17.7-2. The fix involves updating the check for req->status in p9fdcancelled to skip processing not just received requests, but anything that is not in SENT state (Debian Tracker, DSA-6053-1).