CVE-2025-40090

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel’s ksmbd component contains a flaw related to recursive locking within RPC handle list access. Specifically, the ksmbd session rpc method() function attempts to lock sess->rpc lock, which can lead to hung connections or tasks when a client attempts to open a named pipe. This issue arises from a deadlock situation where a write lock is acquired in ksmbd session rpc open, and a read lock is subsequently attempted in ksmbd session rpc method, resulting in a deadlock. The issue was identified after commit 305853cce3794 ("ksmbd: Fix race condition in RPC handle list access"). Exploitation can be demonstrated using Samba’s rpcclient tool, where a connection may hang when attempting to retrieve server information. The call trace indicates the deadlock occurs within the ksmbd-io workqueue, specifically in the handle ksmbd work function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.