Acknowledged
Created: Sep 4, 2025
Updated: Sep 8, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]smb/server: avoid deadlock when linking with ReplaceIfExists[EOL][EOL]If smb2_create_link() is called with ReplaceIfExists set and the name[EOL]does exist then a deadlock will happen.[EOL][EOL]ksmbd_vfs_kern_path_locked() will return with success and the parent[EOL]directory will be locked. ksmbd_vfs_remove_file() will then remove the[EOL]file. ksmbd_vfs_link() will then be called while the parent is still[EOL]locked. It will try to lock the same parent and will deadlock.[EOL][EOL]This patch moves the ksmbd_vfs_kern_path_unlock() call to *before*[EOL]ksmbd_vfs_link() and then simplifies the code, removing the file_present[EOL]flag variable.
CREATE(Triage):(User=admin) [CVE-2025-38711 (https://nvd.nist.gov/vuln/detail/CVE-2025-38711)
