CVE-2025-38711 in Linuxinformazioni

Riassunto

di MITRE • 04/09/2025

In the Linux kernel, the following vulnerability has been resolved:

smb/server: avoid deadlock when linking with ReplaceIfExists

If smb2_create_link() is called with ReplaceIfExists set and the name does exist then a deadlock will happen.

ksmbd_vfs_kern_path_locked() will return with success and the parent directory will be locked. ksmbd_vfs_remove_file() will then remove the file. ksmbd_vfs_link() will then be called while the parent is still locked. It will try to lock the same parent and will deadlock.

This patch moves the ksmbd_vfs_kern_path_unlock() call to *before* ksmbd_vfs_link() and then simplifies the code, removing the file_present flag variable.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsabile

Linux

Prenotare

16/04/2025

Divulgazione

04/09/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00111

KEV

no

Attività

molto basso

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!