| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025090456-CVE-2025-38711-b653@gregkh> Date: Thu, 4 Sep 2025 17:33:16 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38711: smb/server: avoid deadlock when linking with ReplaceIfExists From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: smb/server: avoid deadlock when linking with ReplaceIfExists If smb2_create_link() is called with ReplaceIfExists set and the name does exist then a deadlock will happen. ksmbd_vfs_kern_path_locked() will return with success and the parent directory will be locked. ksmbd_vfs_remove_file() will then remove the file. ksmbd_vfs_link() will then be called while the parent is still locked. It will try to lock the same parent and will deadlock. This patch moves the ksmbd_vfs_kern_path_unlock() call to *before* ksmbd_vfs_link() and then simplifies the code, removing the file_present flag variable. The Linux kernel CVE team has assigned CVE-2025-38711 to this issue. Affected and fixed versions =========================== Fixed in 5.15.190 with commit 9d5012ffe14120f978ee34aef4df3d6cb026b7c4 Fixed in 6.1.149 with commit ac98d54630d5b52e3f684d872f0d82c06c418ea9 Fixed in 6.6.103 with commit 1e858a7a51c7b8b009d8f246de7ceb7743b44a71 Fixed in 6.12.43 with commit 814cfdb6358d9b84fcbec9918c8f938cc096a43a Fixed in 6.15.11 with commit a7dddd62578c2eb6cb28b8835556a121b5157323 Fixed in 6.16.2 with commit a726fef6d7d4cfc365d3434e3916dbfe78991a33 Fixed in 6.17-rc1 with commit d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38711 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/smb/server/smb2pdu.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/9d5012ffe14120f978ee34aef4df3d6cb026b7c4 https://git.kernel.org/stable/c/ac98d54630d5b52e3f684d872f0d82c06c418ea9 https://git.kernel.org/stable/c/1e858a7a51c7b8b009d8f246de7ceb7743b44a71 https://git.kernel.org/stable/c/814cfdb6358d9b84fcbec9918c8f938cc096a43a https://git.kernel.org/stable/c/a7dddd62578c2eb6cb28b8835556a121b5157323 https://git.kernel.org/stable/c/a726fef6d7d4cfc365d3434e3916dbfe78991a33 https://git.kernel.org/stable/c/d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694
Powered by blists - more mailing lists