CVE-2025-38379
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/07/2025
Last modified:
19/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
smb: client: fix warning when reconnecting channel<br />
<br />
When reconnecting a channel in smb2_reconnect_server(), a dummy tcon<br />
is passed down to smb2_reconnect() with ->query_interface<br />
uninitialized, so we can&#39;t call queue_delayed_work() on it.<br />
<br />
Fix the following warning by ensuring that we&#39;re queueing the delayed<br />
worker from correct tcon.<br />
<br />
WARNING: CPU: 4 PID: 1126 at kernel/workqueue.c:2498 __queue_delayed_work+0x1d2/0x200<br />
Modules linked in: cifs cifs_arc4 nls_ucs2_utils cifs_md4 [last unloaded: cifs]<br />
CPU: 4 UID: 0 PID: 1126 Comm: kworker/4:0 Not tainted 6.16.0-rc3 #5 PREEMPT(voluntary)<br />
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-4.fc42 04/01/2014<br />
Workqueue: cifsiod smb2_reconnect_server [cifs]<br />
RIP: 0010:__queue_delayed_work+0x1d2/0x200<br />
Code: 41 5e 41 5f e9 7f ee ff ff 90 0f 0b 90 e9 5d ff ff ff bf 02 00<br />
00 00 e8 6c f3 07 00 89 c3 eb bd 90 0f 0b 90 e9 57 f> 0b 90 e9 65 fe<br />
ff ff 90 0f 0b 90 e9 72 fe ff ff 90 0f 0b 90 e9<br />
RSP: 0018:ffffc900014afad8 EFLAGS: 00010003<br />
RAX: 0000000000000000 RBX: ffff888124d99988 RCX: ffffffff81399cc1<br />
RDX: dffffc0000000000 RSI: ffff888114326e00 RDI: ffff888124d999f0<br />
RBP: 000000000000ea60 R08: 0000000000000001 R09: ffffed10249b3331<br />
R10: ffff888124d9998f R11: 0000000000000004 R12: 0000000000000040<br />
R13: ffff888114326e00 R14: ffff888124d999d8 R15: ffff888114939020<br />
FS: 0000000000000000(0000) GS:ffff88829f7fe000(0000) knlGS:0000000000000000<br />
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
CR2: 00007ffe7a2b4038 CR3: 0000000120a6f000 CR4: 0000000000750ef0<br />
PKRU: 55555554<br />
Call Trace:<br />
<br />
queue_delayed_work_on+0xb4/0xc0<br />
smb2_reconnect+0xb22/0xf50 [cifs]<br />
smb2_reconnect_server+0x413/0xd40 [cifs]<br />
? __pfx_smb2_reconnect_server+0x10/0x10 [cifs]<br />
? local_clock_noinstr+0xd/0xd0<br />
? local_clock+0x15/0x30<br />
? lock_release+0x29b/0x390<br />
process_one_work+0x4c5/0xa10<br />
? __pfx_process_one_work+0x10/0x10<br />
? __list_add_valid_or_report+0x37/0x120<br />
worker_thread+0x2f1/0x5a0<br />
? __kthread_parkme+0xde/0x100<br />
? __pfx_worker_thread+0x10/0x10<br />
kthread+0x1fe/0x380<br />
? kthread+0x10f/0x380<br />
? __pfx_kthread+0x10/0x10<br />
? local_clock_noinstr+0xd/0xd0<br />
? ret_from_fork+0x1b/0x1f0<br />
? local_clock+0x15/0x30<br />
? lock_release+0x29b/0x390<br />
? rcu_is_watching+0x20/0x50<br />
? __pfx_kthread+0x10/0x10<br />
ret_from_fork+0x15b/0x1f0<br />
? __pfx_kthread+0x10/0x10<br />
ret_from_fork_asm+0x1a/0x30<br />
<br />
irq event stamp: 1116206<br />
hardirqs last enabled at (1116205): [] __up_console_sem+0x52/0x60<br />
hardirqs last disabled at (1116206): [] queue_delayed_work_on+0x6e/0xc0<br />
softirqs last enabled at (1116138): [] __smb_send_rqst+0x42d/0x950 [cifs]<br />
softirqs last disabled at (1116136): [] release_sock+0x21/0xf0
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.95 (including) | 6.6.97 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12.35 (including) | 6.12.37 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.15.4 (including) | 6.15.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page