-

CVE-2025-38711

EPSS 0.04%
Veröffentlicht 04.09.2025 15:33:01
Zuletzt bearbeitet 05.09.2025 17:47:24
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

smb/server: avoid deadlock when linking with ReplaceIfExists

If smb2_create_link() is called with ReplaceIfExists set and the name
does exist then a deadlock will happen.

ksmbd_vfs_kern_path_locked() will return with success and the parent
directory will be locked.  ksmbd_vfs_remove_file() will then remove the
file.  ksmbd_vfs_link() will then be called while the parent is still
locked.  It will try to lock the same parent and will deadlock.

This patch moves the ksmbd_vfs_kern_path_unlock() call to *before*
ksmbd_vfs_link() and then simplifies the code, removing the file_present
flag variable.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 9d5012ffe14120f978ee34aef4df3d6cb026b7c4

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < ac98d54630d5b52e3f684d872f0d82c06c418ea9

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < 1e858a7a51c7b8b009d8f246de7ceb7743b44a71

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < 814cfdb6358d9b84fcbec9918c8f938cc096a43a

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < a7dddd62578c2eb6cb28b8835556a121b5157323

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < a726fef6d7d4cfc365d3434e3916dbfe78991a33

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

Version < d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694

Version 0626e6641f6b467447c81dd7678a69c66f7746cf

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.149

Status unaffected

Version <= 6.6.*

Version 6.6.103

Status unaffected

Version <= 6.12.*

Version 6.12.43

Status unaffected

Version <= 6.15.*

Version 6.15.11

Status unaffected

Version <= 6.16.*

Version 6.16.2

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/9d5012ffe14120f978ee34aef4df3d6cb026b7c4

https://git.kernel.org/stable/c/ac98d54630d5b52e3f684d872f0d82c06c418ea9

https://git.kernel.org/stable/c/1e858a7a51c7b8b009d8f246de7ceb7743b44a71

https://git.kernel.org/stable/c/814cfdb6358d9b84fcbec9918c8f938cc096a43a

https://git.kernel.org/stable/c/a7dddd62578c2eb6cb28b8835556a121b5157323

https://git.kernel.org/stable/c/a726fef6d7d4cfc365d3434e3916dbfe78991a33

https://git.kernel.org/stable/c/d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694

https://nvd.nist.gov/vuln/detail/CVE-2025-38711

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38711

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38711

EUVD