{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T21:35:46.070","vulnerabilities":[{"cve":{"id":"CVE-2025-38244","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-07-09T11:15:26.480","lastModified":"2025-11-20T20:13:41.240","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S      W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (&tcp_ses->srv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (&ret_buf->chan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #2 (&ret_buf->chan_lock){+.+.}-{3:3}:\n       validate_chain+0x1cf/0x270\n       __lock_acquire+0x60e/0x780\n       lock_acquire.part.0+0xb4/0x1f0\n       _raw_spin_lock+0x2f/0x40\n       cifs_setup_session+0x81/0x4b0\n       cifs_get_smb_ses+0x771/0x900\n       cifs_mount_get_session+0x7e/0x170\n       cifs_mount+0x92/0x2d0\n       cifs_smb3_do_mount+0x161/0x460\n       smb3_get_tree+0x55/0x90\n       vfs_get_tree+0x46/0x180\n       do_new_mount+0x1b0/0x2e0\n       path_mount+0x6ee/0x740\n       do_mount+0x98/0xe0\n       __do_sys_mount+0x148/0x180\n       do_syscall_64+0xa4/0x260\n       entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-> #1 (&ret_buf->ses_lock){+.+.}-{3:3}:\n       validate_chain+0x1cf/0x270\n       __lock_acquire+0x60e/0x780\n       lock_acquire.part.0+0xb4/0x1f0\n       _raw_spin_lock+0x2f/0x40\n       cifs_match_super+0x101/0x320\n       sget+0xab/0x270\n       cifs_smb3_do_mount+0x1e0/0x460\n       smb3_get_tree+0x55/0x90\n       vfs_get_tree+0x46/0x180\n       do_new_mount+0x1b0/0x2e0\n       path_mount+0x6ee/0x740\n       do_mount+0x98/0xe0\n       __do_sys_mount+0x148/0x180\n       do_syscall_64+0xa4/0x260\n       entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-> #0 (&tcp_ses->srv_lock){+.+.}-{3:3}:\n       check_noncircular+0x95/0xc0\n       check_prev_add+0x115/0x2f0\n       validate_chain+0x1cf/0x270\n       __lock_acquire+0x60e/0x780\n       lock_acquire.part.0+0xb4/0x1f0\n       _raw_spin_lock+0x2f/0x40\n       cifs_signal_cifsd_for_reconnect+0x134/0x200\n       __cifs_reconnect+0x8f/0x500\n       cifs_handle_standard+0x112/0x280\n       cifs_demultiplex_thread+0x64d/0xbc0\n       kthread+0x2f7/0x310\n       ret_from_fork+0x2a/0x230\n       ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n  &tcp_ses->srv_lock --> &ret_buf->ses_lock --> &ret_buf->chan_lock\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(&ret_buf->chan_lock);\n                               lock(&ret_buf->ses_lock);\n                               lock(&ret_buf->chan_lock);\n  lock(&tcp_ses->srv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (&cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (&ret_buf->ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (&ret_buf->chan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: se corrige un posible bloqueo al reconectar canales Se corrige cifs_signal_cifsd_for_reconnect() para que adopte el orden de bloqueo correcto y evite que se produzca el siguiente bloqueo ========================================================= ADVERTENCIA: se detectó una posible dependencia de bloqueo circular 6.16.0-rc3-build2+ #1301 Tainted: G S W ------------------------------------------------------ cifsd/6055 is trying to acquire lock: ffff88810ad56038 (&amp;tcp_ses-&gt;srv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200 but task is already holding lock: ffff888119c64330 (&amp;ret_buf-&gt;chan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -&gt; #2 (&amp;ret_buf-&gt;chan_lock){+.+.}-{3:3}: validate_chain+0x1cf/0x270 __lock_acquire+0x60e/0x780 lock_acquire.part.0+0xb4/0x1f0 _raw_spin_lock+0x2f/0x40 cifs_setup_session+0x81/0x4b0 cifs_get_smb_ses+0x771/0x900 cifs_mount_get_session+0x7e/0x170 cifs_mount+0x92/0x2d0 cifs_smb3_do_mount+0x161/0x460 smb3_get_tree+0x55/0x90 vfs_get_tree+0x46/0x180 do_new_mount+0x1b0/0x2e0 path_mount+0x6ee/0x740 do_mount+0x98/0xe0 __do_sys_mount+0x148/0x180 do_syscall_64+0xa4/0x260 entry_SYSCALL_64_after_hwframe+0x76/0x7e -&gt; #1 (&amp;ret_buf-&gt;ses_lock){+.+.}-{3:3}: validate_chain+0x1cf/0x270 __lock_acquire+0x60e/0x780 lock_acquire.part.0+0xb4/0x1f0 _raw_spin_lock+0x2f/0x40 cifs_match_super+0x101/0x320 sget+0xab/0x270 cifs_smb3_do_mount+0x1e0/0x460 smb3_get_tree+0x55/0x90 vfs_get_tree+0x46/0x180 do_new_mount+0x1b0/0x2e0 path_mount+0x6ee/0x740 do_mount+0x98/0xe0 __do_sys_mount+0x148/0x180 do_syscall_64+0xa4/0x260 entry_SYSCALL_64_after_hwframe+0x76/0x7e -&gt; #0 (&amp;tcp_ses-&gt;srv_lock){+.+.}-{3:3}: check_noncircular+0x95/0xc0 check_prev_add+0x115/0x2f0 validate_chain+0x1cf/0x270 __lock_acquire+0x60e/0x780 lock_acquire.part.0+0xb4/0x1f0 _raw_spin_lock+0x2f/0x40 cifs_signal_cifsd_for_reconnect+0x134/0x200 __cifs_reconnect+0x8f/0x500 cifs_handle_standard+0x112/0x280 cifs_demultiplex_thread+0x64d/0xbc0 kthread+0x2f7/0x310 ret_from_fork+0x2a/0x230 ret_from_fork_asm+0x1a/0x30 other info that might help us debug this: Chain exists of: &amp;tcp_ses-&gt;srv_lock --&gt; &amp;ret_buf-&gt;ses_lock --&gt; &amp;ret_buf-&gt;chan_lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&amp;ret_buf-&gt;chan_lock); lock(&amp;ret_buf-&gt;ses_lock); lock(&amp;ret_buf-&gt;chan_lock); lock(&amp;tcp_ses-&gt;srv_lock); *** DEADLOCK *** 3 locks held by cifsd/6055: #0: ffffffff857de398 (&amp;cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200 #1: ffff888119c64060 (&amp;ret_buf-&gt;ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200 #2: ffff888119c64330 (&amp;ret_buf-&gt;chan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200 "}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.6.96","matchCriteriaId":"FFC584E9-F7DC-40D8-8BE8-9CB5F3B41F2B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.36","matchCriteriaId":"2BD88DEC-018F-4F40-8E29-A2CA89813EBA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15.5","matchCriteriaId":"0CC768E2-3BBC-4A6E-9C2F-ECB27A703C2D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*","matchCriteriaId":"6D4894DB-CCFE-4602-B1BF-3960B2E19A01"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*","matchCriteriaId":"09709862-E348-4378-8632-5A7813EDDC86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*","matchCriteriaId":"415BF58A-8197-43F5-B3D7-D1D63057A26E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/711741f94ac3cf9f4e3aa73aa171e76d188c0819","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f3ead8ebc0ef65b6c89a13912b4e80218425629","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c82c7041258d96e3286f6790ab700e4edd3cc9e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fe035dc78aa6ca8f862857d45beaf7a0e03206ca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}