CVE-2025-38379

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38379
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38379.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38379
Downstream
Related
Published
2025-07-25T12:53:21.098Z
Modified
2025-11-20T10:01:14.310501Z
Summary
smb: client: fix warning when reconnecting channel
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix warning when reconnecting channel

When reconnecting a channel in smb2reconnectserver(), a dummy tcon is passed down to smb2reconnect() with ->queryinterface uninitialized, so we can't call queuedelayedwork() on it.

Fix the following warning by ensuring that we're queueing the delayed worker from correct tcon.

WARNING: CPU: 4 PID: 1126 at kernel/workqueue.c:2498 queuedelayedwork+0x1d2/0x200 Modules linked in: cifs cifsarc4 nlsucs2utils cifsmd4 [last unloaded: cifs] CPU: 4 UID: 0 PID: 1126 Comm: kworker/4:0 Not tainted 6.16.0-rc3 #5 PREEMPT(voluntary) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-4.fc42 04/01/2014 Workqueue: cifsiod smb2reconnectserver [cifs] RIP: 0010:queuedelayedwork+0x1d2/0x200 Code: 41 5e 41 5f e9 7f ee ff ff 90 0f 0b 90 e9 5d ff ff ff bf 02 00 00 00 e8 6c f3 07 00 89 c3 eb bd 90 0f 0b 90 e9 57 f> 0b 90 e9 65 fe ff ff 90 0f 0b 90 e9 72 fe ff ff 90 0f 0b 90 e9 RSP: 0018:ffffc900014afad8 EFLAGS: 00010003 RAX: 0000000000000000 RBX: ffff888124d99988 RCX: ffffffff81399cc1 RDX: dffffc0000000000 RSI: ffff888114326e00 RDI: ffff888124d999f0 RBP: 000000000000ea60 R08: 0000000000000001 R09: ffffed10249b3331 R10: ffff888124d9998f R11: 0000000000000004 R12: 0000000000000040 R13: ffff888114326e00 R14: ffff888124d999d8 R15: ffff888114939020 FS: 0000000000000000(0000) GS:ffff88829f7fe000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe7a2b4038 CR3: 0000000120a6f000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> queuedelayedworkon+0xb4/0xc0 smb2reconnect+0xb22/0xf50 [cifs] smb2reconnectserver+0x413/0xd40 [cifs] ? _pfxsmb2reconnectserver+0x10/0x10 [cifs] ? localclocknoinstr+0xd/0xd0 ? localclock+0x15/0x30 ? lockrelease+0x29b/0x390 processonework+0x4c5/0xa10 ? _pfxprocessonework+0x10/0x10 ? _listaddvalidorreport+0x37/0x120 workerthread+0x2f1/0x5a0 ? _kthreadparkme+0xde/0x100 ? _pfxworkerthread+0x10/0x10 kthread+0x1fe/0x380 ? kthread+0x10f/0x380 ? _pfxkthread+0x10/0x10 ? localclocknoinstr+0xd/0xd0 ? retfromfork+0x1b/0x1f0 ? localclock+0x15/0x30 ? lockrelease+0x29b/0x390 ? rcuiswatching+0x20/0x50 ? _pfxkthread+0x10/0x10 retfromfork+0x15b/0x1f0 ? _pfxkthread+0x10/0x10 retfromforkasm+0x1a/0x30 </TASK> irq event stamp: 1116206 hardirqs last enabled at (1116205): [<ffffffff8143af42>] _upconsolesem+0x52/0x60 hardirqs last disabled at (1116206): [<ffffffff81399f0e>] queuedelayedworkon+0x6e/0xc0 softirqs last enabled at (1116138): [<ffffffffc04562fd>] _smbsendrqst+0x42d/0x950 [cifs] softirqs last disabled at (1116136): [<ffffffff823d35e1>] releasesock+0x21/0xf0

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
202d7e838967dda02855cd925db7fd8c52c56af7
Fixed
0cee638d92ac898d73eccc4e4bab70e9fc95946a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2c34f1e095a12be3674fb79d84d1af7896e49245
Fixed
3f6932ef25378794894c3c1024092ad14da2d330
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4f81ee0af2b8c4089e308f7cb6b5ea5a4efe5b94
Fixed
9d2b629a9dc5c72537645533af1cb11a7d34c4b1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
42ca547b13a20e7cbb04fbdf8d5f089ac4bb35b7
Fixed
3bbe46716092d8ef6b0df4b956f585c5cd0fc78e

Affected versions

v6.*

v6.12.35
v6.12.36
v6.15.4
v6.15.5
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.6.95
v6.6.96

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/cifsglob.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cee638d92ac898d73eccc4e4bab70e9fc95946a",
        "digest": {
            "line_hashes": [
                "328035803555227012247647326938124709951",
                "201615836987193736018133047478001135184",
                "89416255134409363658669211452549770297",
                "186865636845388241785032489514253395384"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-38379-132b46ce"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/cifsglob.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f6932ef25378794894c3c1024092ad14da2d330",
        "digest": {
            "line_hashes": [
                "328035803555227012247647326938124709951",
                "201615836987193736018133047478001135184",
                "89416255134409363658669211452549770297",
                "186865636845388241785032489514253395384"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-38379-4d1c60c8"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c",
            "function": "smb2_reconnect_server"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cee638d92ac898d73eccc4e4bab70e9fc95946a",
        "digest": {
            "length": 2796.0,
            "function_hash": "295730860981635655305511457305136356870"
        },
        "id": "CVE-2025-38379-511f1f68"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/cifsglob.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d2b629a9dc5c72537645533af1cb11a7d34c4b1",
        "digest": {
            "line_hashes": [
                "328035803555227012247647326938124709951",
                "201615836987193736018133047478001135184",
                "89416255134409363658669211452549770297",
                "186865636845388241785032489514253395384"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-38379-5972fd83"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d2b629a9dc5c72537645533af1cb11a7d34c4b1",
        "digest": {
            "line_hashes": [
                "86691492427895622389303631635357585430",
                "204271954154070211475667369331488733131",
                "197712602379987582105924258880515326950",
                "258800644115120246977882728965361972846",
                "231055101379255746741591430505695936293",
                "163302124953027076904136115650418583838",
                "295841055289928067154124043719776128746",
                "702993731166114101950236732834425736",
                "229840294361642692361860248735477574093",
                "137420901987512268923629428572375291903",
                "15704086836506901344921260690768038061"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-38379-5d37c6f5"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c",
            "function": "smb2_reconnect_server"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3bbe46716092d8ef6b0df4b956f585c5cd0fc78e",
        "digest": {
            "length": 2828.0,
            "function_hash": "241037564623607744673245270745926536666"
        },
        "id": "CVE-2025-38379-61d7438d"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c",
            "function": "smb2_reconnect"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3bbe46716092d8ef6b0df4b956f585c5cd0fc78e",
        "digest": {
            "length": 5108.0,
            "function_hash": "260314395742329564616148342535115846749"
        },
        "id": "CVE-2025-38379-6e587f80"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/cifsglob.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3bbe46716092d8ef6b0df4b956f585c5cd0fc78e",
        "digest": {
            "line_hashes": [
                "328035803555227012247647326938124709951",
                "201615836987193736018133047478001135184",
                "89416255134409363658669211452549770297",
                "186865636845388241785032489514253395384"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-38379-79de77a0"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f6932ef25378794894c3c1024092ad14da2d330",
        "digest": {
            "line_hashes": [
                "86691492427895622389303631635357585430",
                "204271954154070211475667369331488733131",
                "197712602379987582105924258880515326950",
                "258800644115120246977882728965361972846",
                "231055101379255746741591430505695936293",
                "163302124953027076904136115650418583838",
                "295841055289928067154124043719776128746",
                "702993731166114101950236732834425736",
                "229840294361642692361860248735477574093",
                "137420901987512268923629428572375291903",
                "15704086836506901344921260690768038061"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-38379-818837f0"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c",
            "function": "smb2_reconnect_server"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f6932ef25378794894c3c1024092ad14da2d330",
        "digest": {
            "length": 2796.0,
            "function_hash": "295730860981635655305511457305136356870"
        },
        "id": "CVE-2025-38379-864a8852"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c",
            "function": "smb2_reconnect"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f6932ef25378794894c3c1024092ad14da2d330",
        "digest": {
            "length": 5207.0,
            "function_hash": "146443644041824499177218905144890103651"
        },
        "id": "CVE-2025-38379-8ff7d4aa"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3bbe46716092d8ef6b0df4b956f585c5cd0fc78e",
        "digest": {
            "line_hashes": [
                "86691492427895622389303631635357585430",
                "204271954154070211475667369331488733131",
                "197712602379987582105924258880515326950",
                "258800644115120246977882728965361972846",
                "231055101379255746741591430505695936293",
                "163302124953027076904136115650418583838",
                "295841055289928067154124043719776128746",
                "702993731166114101950236732834425736",
                "229840294361642692361860248735477574093",
                "137420901987512268923629428572375291903",
                "15704086836506901344921260690768038061"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-38379-a54e505b"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c",
            "function": "smb2_reconnect"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d2b629a9dc5c72537645533af1cb11a7d34c4b1",
        "digest": {
            "length": 5108.0,
            "function_hash": "260314395742329564616148342535115846749"
        },
        "id": "CVE-2025-38379-a732231b"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c",
            "function": "smb2_reconnect"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cee638d92ac898d73eccc4e4bab70e9fc95946a",
        "digest": {
            "length": 5207.0,
            "function_hash": "146443644041824499177218905144890103651"
        },
        "id": "CVE-2025-38379-af6309cb"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c",
            "function": "smb2_reconnect_server"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d2b629a9dc5c72537645533af1cb11a7d34c4b1",
        "digest": {
            "length": 2828.0,
            "function_hash": "241037564623607744673245270745926536666"
        },
        "id": "CVE-2025-38379-af7cdf31"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "fs/smb/client/smb2pdu.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cee638d92ac898d73eccc4e4bab70e9fc95946a",
        "digest": {
            "line_hashes": [
                "86691492427895622389303631635357585430",
                "204271954154070211475667369331488733131",
                "197712602379987582105924258880515326950",
                "258800644115120246977882728965361972846",
                "231055101379255746741591430505695936293",
                "163302124953027076904136115650418583838",
                "295841055289928067154124043719776128746",
                "702993731166114101950236732834425736",
                "229840294361642692361860248735477574093",
                "137420901987512268923629428572375291903",
                "15704086836506901344921260690768038061"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-38379-bd2a4bb5"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.95
Fixed
6.6.97
Type
ECOSYSTEM
Events
Introduced
6.12.35
Fixed
6.12.37
Type
ECOSYSTEM
Events
Introduced
6.15.4
Fixed
6.15.6