Home

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 ("ksmbd: Fix race condition in RPC handle list access"), ksmbd_session_rpc_method() attempts to lock sess->rpc_lock. This causes hung connections / tasks when a client attempts to open a named pipe. Using Samba's rpcclient tool: $ rpcclient //192.168.1.254 -U user%password $ rpcclient $> srvinfo <connection hung here> Kernel side: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:0 state:D stack:0 pid:5021 tgid:5021 ppid:2 flags:0x00200000 Workqueue: ksmbd-io handle_ksmbd_work Call trace: __schedule from schedule+0x3c/0x58 schedule from schedule_preempt_disabled+0xc/0x10 schedule_preempt_disabled from rwsem_down_read_slowpath+0x1b0/0x1d8 rwsem_down_read_slowpath from down_read+0x28/0x30 down_read from ksmbd_session_rpc_method+0x18/0x3c ksmbd_session_rpc_method from ksmbd_rpc_open+0x34/0x68 ksmbd_rpc_open from ksmbd_session_rpc_open+0x194/0x228 ksmbd_session_rpc_open from create_smb2_pipe+0x8c/0x2c8 create_smb2_pipe from smb2_open+0x10c/0x27ac smb2_open from handle_ksmbd_work+0x238/0x3dc handle_ksmbd_work from process_scheduled_works+0x160/0x25c process_scheduled_works from worker_thread+0x16c/0x1e8 worker_thread from kthread+0xa8/0xb8 kthread from ret_from_fork+0x14/0x38 Exception stack(0x8529ffb0 to 0x8529fff8) The task deadlocks because the lock is already held: ksmbd_session_rpc_open down_write(&sess->rpc_lock) ksmbd_rpc_open ksmbd_session_rpc_method down_read(&sess->rpc_lock) <-- deadlock Adjust ksmbd_session_rpc_method() callers to take the lock when necessary.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-30 | Updated 2025-12-01 | Assigner Linux

Product status

Default status
unaffected

5cc679ba0f4505936124cd4179ba66bb0a4bd9f3 (git) before 4602b8cee1481dbb896182e5cb1e8cf12910e9e7
affected

6bd7e0e55dcea2cf0d391bbc21c2eb069b4be3e1 (git) before 3412fbd81b46b9cfae013817b61d4bbd27e09e36
affected

305853cce379407090a73b38c5de5ba748893aee (git) before 88f170814fea74911ceab798a43cbd7c5599bed4
affected

Default status
unaffected

6.12.53 (semver) before 6.12.55
affected

6.17.3 (semver) before 6.17.5
affected

References

git.kernel.org/...c/4602b8cee1481dbb896182e5cb1e8cf12910e9e7

git.kernel.org/...c/3412fbd81b46b9cfae013817b61d4bbd27e09e36

git.kernel.org/...c/88f170814fea74911ceab798a43cbd7c5599bed4

cve.org (CVE-2025-40090)

nvd.nist.gov (CVE-2025-40090)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.