CVE-2025-38711 in Linuxinfo

Zusammenfassung

von MITRE • 04.09.2025

In the Linux kernel, the following vulnerability has been resolved:

smb/server: avoid deadlock when linking with ReplaceIfExists

If smb2_create_link() is called with ReplaceIfExists set and the name does exist then a deadlock will happen.

ksmbd_vfs_kern_path_locked() will return with success and the parent directory will be locked. ksmbd_vfs_remove_file() will then remove the file. ksmbd_vfs_link() will then be called while the parent is still locked. It will try to lock the same parent and will deadlock.

This patch moves the ksmbd_vfs_kern_path_unlock() call to *before* ksmbd_vfs_link() and then simplifies the code, removing the file_present flag variable.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

Linux

Reservieren

16.04.2025

Veröffentlichung

04.09.2025

Moderieren

akzeptiert

Eintrag

VDB-322571

CPE

bereit

EPSS

0.00111

KEV

nein

Aktivitäten

very low

Quellen

Might our Artificial Intelligence support you?

Check our Alexa App!