Linux · Linux Kernel · CVE-2023-52572
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.1.0-rc4+
**Description**
The issue is a use-after-free (UAF) vulnerability in the `cifs_demultiplex_thread()` function. This vulnerability can be exploited by an attacker to potentially execute arbitrary code. The UAF occurs when `mid->resp_buf` is freed while it is still being used by `cifs_demultiplex_thread()`. The vulnerability can be easily reproduced by adding a delay between steps [3] and [6] in the process. Only synchronous calls are affected, as asynchronous calls have their callbacks executed in the `cifsd` process.
**Recommendations**
To resolve the issue, update the Linux kernel to a version that includes the fix for the UAF in `cifs_demultiplex_thread()`. As a temporary workaround, consider adding an extra state that marks the `mid` as `READY` before waking up the waiter, allowing the waiter to safely get the response.
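
The ordering problem from the description and the `READY` handshake from the recommendation can be seen in a small deterministic userspace model. This is an added example, not kernel code or code from the fix; the state names other than `READY`, the `buf_freed` flag and both function names are hypothetical, and the race is replayed as one fixed interleaving rather than with real threads.

```c
/* Userspace model, constructed for illustration: not kernel code; names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum mid_state { SUBMITTED, RECEIVED, READY };

struct mid {
    enum mid_state state;
    char *resp_buf;
    bool buf_freed;   /* model-only flag: makes the bug observable without a real UAF */
};

/* Waiter side. need_ready selects the stricter wait condition (READY only).
 * Returns true if the waiter consumed and released the response buffer. */
static bool waiter_poll(struct mid *m, bool need_ready)
{
    bool done = need_ready ? (m->state == READY) : (m->state != SUBMITTED);
    if (!done)
        return false;
    free(m->resp_buf);
    m->resp_buf = NULL;
    m->buf_freed = true;
    return true;
}

/* Receiver side, with the waiter scheduled between the response being attached
 * and the receiver's last read. Returns true if that read would hit freed memory. */
static bool run_interleaving(bool need_ready)
{
    struct mid m = { SUBMITTED, NULL, false };
    m.resp_buf = calloc(1, 16);
    if (!m.resp_buf) abort();
    m.state = RECEIVED;               /* response attached to the mid */
    waiter_poll(&m, need_ready);      /* waiter wakes early, inside the window */
    bool stale = m.buf_freed;         /* receiver still needs resp_buf here */
    if (!stale)
        (void)strlen(m.resp_buf);     /* safe read: buffer is still live */
    m.state = READY;                  /* receiver is finished with the buffer */
    waiter_poll(&m, true);            /* normal completion (no-op if already released) */
    return stale;
}

int main(void)
{
    printf("wake on RECEIVED: stale access = %d\n", run_interleaving(false));
    printf("wake on READY:    stale access = %d\n", run_interleaving(true));
}
```

With the waiter allowed to proceed as soon as a response is attached, the receiver's later read lands on released memory; gating the waiter on `READY` closes that window.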