CVE-2025-38244

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38244
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38244.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38244
Downstream
Related
Published
2025-07-09T10:42:26.622Z
Modified
2025-11-20T09:55:21.492855Z
Summary
smb: client: fix potential deadlock when reconnecting channels
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential deadlock when reconnecting channels

Fix cifssignalcifsdforreconnect() to take the correct lock order and prevent the following deadlock from happening

====================================================== WARNING: possible circular locking dependency detected

6.16.0-rc3-build2+ #1301 Tainted: G S W

cifsd/6055 is trying to acquire lock: ffff88810ad56038 (&tcpses->srvlock){+.+.}-{3:3}, at: cifssignalcifsdforreconnect+0x134/0x200

but task is already holding lock: ffff888119c64330 (&retbuf->chanlock){+.+.}-{3:3}, at: cifssignalcifsdforreconnect+0xcf/0x200

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&retbuf->chanlock){+.+.}-{3:3}: validatechain+0x1cf/0x270 _lockacquire+0x60e/0x780 lockacquire.part.0+0xb4/0x1f0 rawspinlock+0x2f/0x40 cifssetupsession+0x81/0x4b0 cifsgetsmbses+0x771/0x900 cifsmountgetsession+0x7e/0x170 cifsmount+0x92/0x2d0 cifssmb3domount+0x161/0x460 smb3gettree+0x55/0x90 vfsgettree+0x46/0x180 donewmount+0x1b0/0x2e0 pathmount+0x6ee/0x740 domount+0x98/0xe0 _dosysmount+0x148/0x180 dosyscall64+0xa4/0x260 entrySYSCALL64afterhwframe+0x76/0x7e

-> #1 (&retbuf->seslock){+.+.}-{3:3}: validatechain+0x1cf/0x270 _lockacquire+0x60e/0x780 lockacquire.part.0+0xb4/0x1f0 rawspinlock+0x2f/0x40 cifsmatchsuper+0x101/0x320 sget+0xab/0x270 cifssmb3domount+0x1e0/0x460 smb3gettree+0x55/0x90 vfsgettree+0x46/0x180 donewmount+0x1b0/0x2e0 pathmount+0x6ee/0x740 domount+0x98/0xe0 _dosysmount+0x148/0x180 dosyscall64+0xa4/0x260 entrySYSCALL64after_hwframe+0x76/0x7e

-> #0 (&tcpses->srvlock){+.+.}-{3:3}: checknoncircular+0x95/0xc0 checkprevadd+0x115/0x2f0 validatechain+0x1cf/0x270 _lockacquire+0x60e/0x780 lockacquire.part.0+0xb4/0x1f0 _rawspinlock+0x2f/0x40 cifssignalcifsdforreconnect+0x134/0x200 _cifsreconnect+0x8f/0x500 cifshandlestandard+0x112/0x280 cifsdemultiplexthread+0x64d/0xbc0 kthread+0x2f7/0x310 retfromfork+0x2a/0x230 retfromforkasm+0x1a/0x30

other info that might help us debug this:

Chain exists of: &tcpses->srvlock --> &retbuf->seslock --> &retbuf->chanlock

Possible unsafe locking scenario:

   CPU0                    CPU1
   ----                    ----

lock(&retbuf->chanlock); lock(&retbuf->seslock); lock(&retbuf->chanlock); lock(&tcpses->srvlock);

* DEADLOCK *

3 locks held by cifsd/6055: #0: ffffffff857de398 (&cifstcpseslock){+.+.}-{3:3}, at: cifssignalcifsdforreconnect+0x7b/0x200 #1: ffff888119c64060 (&retbuf->seslock){+.+.}-{3:3}, at: cifssignalcifsdforreconnect+0x9c/0x200 #2: ffff888119c64330 (&retbuf->chanlock){+.+.}-{3:3}, at: cifssignalcifsdfor_reconnect+0xcf/0x200

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d7d7a66aacd6fd8ca57baf08a7bac5421282f6f8
Fixed
c82c7041258d96e3286f6790ab700e4edd3cc9e3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d7d7a66aacd6fd8ca57baf08a7bac5421282f6f8
Fixed
7f3ead8ebc0ef65b6c89a13912b4e80218425629
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d7d7a66aacd6fd8ca57baf08a7bac5421282f6f8
Fixed
fe035dc78aa6ca8f862857d45beaf7a0e03206ca
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d7d7a66aacd6fd8ca57baf08a7bac5421282f6f8
Fixed
711741f94ac3cf9f4e3aa73aa171e76d188c0819

Affected versions

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.15.3
v6.15.4
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.9
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.6.95
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "id": "CVE-2025-38244-41b19947",
        "signature_version": "v1",
        "target": {
            "function": "cifs_signal_cifsd_for_reconnect",
            "file": "fs/smb/client/connect.c"
        },
        "digest": {
            "function_hash": "94048120440015395339538299564101012799",
            "length": 923.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe035dc78aa6ca8f862857d45beaf7a0e03206ca",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "id": "CVE-2025-38244-dcd193a8",
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/cifsglob.h"
        },
        "digest": {
            "line_hashes": [
                "160723124879459077696832364371229088187",
                "277963569052408603323746418878910895606",
                "236518206353390258394362216709438689271",
                "152612889023739555468085387889714166030"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe035dc78aa6ca8f862857d45beaf7a0e03206ca",
        "signature_type": "Line"
    },
    {
        "deprecated": false,
        "id": "CVE-2025-38244-fae8ae90",
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/connect.c"
        },
        "digest": {
            "line_hashes": [
                "115631910859854466547322202757466178921",
                "325255474159064431227055140738036167222",
                "245561269327857838668225880419999287562",
                "221061877482019342268754525597602326775",
                "16280544546830054177181842416558605904",
                "23205902987168752530983363100268937143",
                "259777357921354587480457715547246849786",
                "129528088309232600524082741465907746258",
                "216377206141720441430157370278074523674",
                "63078834546386032263238842873837125459",
                "139442210433002558444307975884833928001",
                "198934123820685630852619676146413492096",
                "306770255447801894158049444334820509943",
                "197333659074602747101476183467514134849",
                "229183263612896144875478807013495925531",
                "48485850654267419535528707141190288965",
                "156615235771182876003182335032805496941",
                "278394181617064803451815159131129301702",
                "87146014601125489088507519017506157234",
                "57579767415660682494086989911323684260",
                "263726906615278949931739499435291804445",
                "245232380075552101758674749923009087084",
                "143867430434279114473102783084497938284",
                "100980540477015045477153380140130554983",
                "210549323157624845249794592109219004829",
                "300487799014337854188842592522077677496",
                "144216532041429350881302158238448606381",
                "58144489290375047375458007994820566621",
                "172715363565181297153666055148438686309",
                "274416248294467077447076560379042478367",
                "290496904324546998398955618737925811569",
                "164013247244632073664195084041501103739",
                "330064363205160956653047510279946914922"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe035dc78aa6ca8f862857d45beaf7a0e03206ca",
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.6.96
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.36
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.5