In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential deadlock when releasing mids
All releasemid() callers seem to hold a reference of @mid so there is no need to call krefput(&mid->refcount, _releasemid) under @server->mid_lock spinlock. If they don't, then an use-after-free bug would have occurred anyways.
By getting rid of such spinlock also fixes a potential deadlock as shown below
cifsdemultiplexthread() cifsdebugdataprocshow() releasemid() spinlock(&server->midlock); spinlock(&cifstcpseslock) spinlock(&server->midlock) _releasemid() smb2findsmbtcon() spinlock(&cifstcpseslock) deadlock