Main Vulnerability Database SB2025103126

SB2025103126 - Improper locking in Linux kernel smb server

Published: October 31, 2025

Security Bulletin ID SB2025103126

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2025-40090)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ksmbd_rpc_write(), ksmbd_rpc_read() and ksmbd_rpc_ioctl() functions in fs/smb/server/transport_ipc.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/3412fbd81b46b9cfae013817b61d4bbd27e09e36
https://git.kernel.org/stable/c/4602b8cee1481dbb896182e5cb1e8cf12910e9e7
https://git.kernel.org/stable/c/88f170814fea74911ceab798a43cbd7c5599bed4