Deadlock Vulnerability in Linux Kernel's SMB Server Functionality
CVE-2025-38711

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 September 2025

What is CVE-2025-38711?

A deadlock vulnerability exists in the Linux Kernel's SMB server functionality that arises when the smb2_create_link() function is called with the ReplaceIfExists parameter set. When a link is created to an existing name, this leads to a deadlock situation as the parent directory gets locked during the link creation process. The locking mechanism fails because the function attempts to lock the parent directory again even while it is already locked, consequently resulting in a deadlock. A patch has been introduced to prevent this issue by rearranging the call order, ensuring that the parent directory is unlocked before attempting to create the link, thereby simplifying the code and improving its reliability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 9d5012ffe14120f978ee34aef4df3d6cb026b7c4

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 1e858a7a51c7b8b009d8f246de7ceb7743b44a71

References

https://git.kernel.org/stable/c/9d5012ffe14120f978ee34aef...
https://git.kernel.org/stable/c/ac98d54630d5b52e3f684d872...
https://git.kernel.org/stable/c/1e858a7a51c7b8b009d8f246d...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.