SB2025090506 - Improper locking in Linux kernel smb server
Published: September 5, 2025
Security Bulletin ID
SB2025090506
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-38711)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_create_link() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1e858a7a51c7b8b009d8f246de7ceb7743b44a71
- https://git.kernel.org/stable/c/814cfdb6358d9b84fcbec9918c8f938cc096a43a
- https://git.kernel.org/stable/c/9d5012ffe14120f978ee34aef4df3d6cb026b7c4
- https://git.kernel.org/stable/c/a726fef6d7d4cfc365d3434e3916dbfe78991a33
- https://git.kernel.org/stable/c/a7dddd62578c2eb6cb28b8835556a121b5157323
- https://git.kernel.org/stable/c/ac98d54630d5b52e3f684d872f0d82c06c418ea9
- https://git.kernel.org/stable/c/d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694