Race Condition Vulnerability in Linux Kernel's Samba Implementation
CVE-2025-40090

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-40090?

A vulnerability exists in the Linux kernel's Samba implementation, specifically in the ksmbd component, where recursive locking issues in RPC handle list access can lead to hung connections. When a client opens a named pipe using the 'rpcclient' tool, the system may experience a deadlock. The root cause is due to improper management of locks, where the existing lock makes recursive calls problematic, effectively freezing the connection. It's essential for administrators to ensure they are using patched versions of the kernel to mitigate this risk.

Affected Version(s)

Linux 5cc679ba0f4505936124cd4179ba66bb0a4bd9f3 < 4602b8cee1481dbb896182e5cb1e8cf12910e9e7

Linux 6bd7e0e55dcea2cf0d391bbc21c2eb069b4be3e1 < 3412fbd81b46b9cfae013817b61d4bbd27e09e36

Linux 305853cce379407090a73b38c5de5ba748893aee < 88f170814fea74911ceab798a43cbd7c5599bed4

References

https://git.kernel.org/stable/c/4602b8cee1481dbb896182e5c...

https://git.kernel.org/stable/c/3412fbd81b46b9cfae013817b...

https://git.kernel.org/stable/c/88f170814fea74911ceab798a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Apr 16, 2025

JSON