In the Linux kernel, the following vulnerability has been resolved:
smb/server: avoid deadlock when linking with ReplaceIfExists
If smb2_create_link() is called with ReplaceIfExists set and the name
does exist then a deadlock will happen.
ksmbd_vfs_kern_path_locked() will return with success and the parent
directory will be locked. ksmbd_vfs_remove_file() will then remove the
file. ksmbd_vfs_link() will then be called while the parent is still
locked. It will try to lock the same parent and will deadlock.
This patch moves the ksmbd_vfs_kern_path_unlock() call to before
ksmbd_vfs_link() and then simplifies the code, removing the file_present
flag variable.
| Score | Percentile |
|---|---|
| 0.01% | 2.78% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-c3j4-c39c-w5r2 ↗ |
| CVE | CVE-2025-38711 ↗ |
| CWE id | Name |
|---|---|
| CWE-667 | Improper Locking |