In the Linux kernel, the following vulnerability has been resolved:
ksmbd: call ksmbdvfskernpathend_removing() on some error paths
There are two places where ksmbdvfskernpathendremoving() needs to be called in order to balance what the corresponding successful call to ksmbdvfskernpathstartremoving() has done, i.e. drop inode locks and put the taken references. Otherwise there might be potential deadlocks and unbalanced locks which are caught like:
BUG: workqueue leaked lock or atomic: kworker/5:21/0x00000000/7596 last function: handleksmbdwork 2 locks held by kworker/5:21/7596: #0: ffff8881051ae448 (sbwriters#3){.+.+}-{0:0}, at: ksmbdvfskernpathlocked+0x142/0x660 #1: ffff888130e966c0 (&type->imutexdirkey#3/1){+.+.}-{4:4}, at: ksmbdvfskernpathlocked+0x17d/0x660 CPU: 5 PID: 7596 Comm: kworker/5:21 Not tainted 6.1.162-00456-gc29b353f383b #138 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014 Workqueue: ksmbd-io handleksmbdwork Call Trace: <TASK> dumpstacklvl+0x44/0x5b processonework.cold+0x57/0x5c workerthread+0x82/0x600 kthread+0x153/0x190 retfrom_fork+0x22/0x30 </TASK>
Found by Linux Verification Center (linuxtesting.org).
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45924.json",
"cna_assigner": "Linux"
}