Deadlock Vulnerability in Linux Kernel's SMB Server Functionality
CVE-2025-38711
What is CVE-2025-38711?
A deadlock vulnerability exists in the Linux kernel's SMB server functionality. It arises when the smb2_create_link() function is called with the ReplaceIfExists parameter set and the link is created to an existing name. The parent directory is locked during the link creation process, and the function then attempts to lock the parent directory again while it is already locked, which results in a deadlock. A patch prevents this by rearranging the call order so that the parent directory is unlocked before the link is created, which also simplifies the code and improves its reliability.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9d5012ffe14120f978ee34aef4df3d6cb026b7c4
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1e858a7a51c7b8b009d8f246de7ceb7743b44a71