CVE-2025-40090

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 30/10/2025
Last modified: 06/02/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix recursive locking in RPC handle list access

Since commit 305853cce3794 ("ksmbd: Fix race condition in RPC handle list
access"), ksmbd_session_rpc_method() attempts to lock sess->rpc_lock.

This causes hung connections / tasks when a client attempts to open
a named pipe. Using Samba's rpcclient tool:

    $ rpcclient //192.168.1.254 -U user%password
    $ rpcclient $> srvinfo

Kernel side:

    "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
    task:kworker/0:0 state:D stack:0 pid:5021 tgid:5021 ppid:2 flags:0x00200000
    Workqueue: ksmbd-io handle_ksmbd_work
    Call trace:
    __schedule from schedule+0x3c/0x58
    schedule from schedule_preempt_disabled+0xc/0x10
    schedule_preempt_disabled from rwsem_down_read_slowpath+0x1b0/0x1d8
    rwsem_down_read_slowpath from down_read+0x28/0x30
    down_read from ksmbd_session_rpc_method+0x18/0x3c
    ksmbd_session_rpc_method from ksmbd_rpc_open+0x34/0x68
    ksmbd_rpc_open from ksmbd_session_rpc_open+0x194/0x228
    ksmbd_session_rpc_open from create_smb2_pipe+0x8c/0x2c8
    create_smb2_pipe from smb2_open+0x10c/0x27ac
    smb2_open from handle_ksmbd_work+0x238/0x3dc
    handle_ksmbd_work from process_scheduled_works+0x160/0x25c
    process_scheduled_works from worker_thread+0x16c/0x1e8
    worker_thread from kthread+0xa8/0xb8
    kthread from ret_from_fork+0x14/0x38
    Exception stack(0x8529ffb0 to 0x8529fff8)

The task deadlocks because the lock is already held:

    ksmbd_session_rpc_open
      down_write(&sess->rpc_lock)
      ksmbd_rpc_open
        ksmbd_session_rpc_method
          down_read(&sess->rpc_lock)
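A log check for the hung-task signature in the description, as an added example that is not part of the advisory or the kernel commit: it flags D-state tasks whose call trace contains ksmbd_session_rpc_open, ksmbd_session_rpc_method and down_read together. The function name, the whole-token symbol matching and the second task in the sample log are assumptions made here; the first task block is abridged from the trace above.

```python
import re

# Frames that must all appear in one blocked task's trace: the caller that holds
# sess->rpc_lock for write, the callee that wants it for read, and the rwsem
# read acquisition it is stuck in. Matching whole symbol tokens keeps this
# independent of the architecture's trace layout (an assumption of this example).
SIGNATURE = ("ksmbd_session_rpc_open", "ksmbd_session_rpc_method", "down_read")

TASK_RE = re.compile(r"task:(\S+)\s+state:(\S+).*?\bpid:(\d+)")
SYMBOL_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")

def find_rpc_lock_deadlocks(log_text):
    """Return (comm, pid) for each D-state task whose trace matches SIGNATURE."""
    hits, current, symbols = [], None, set()

    def flush():
        if current and current[1] == "D" and all(s in symbols for s in SIGNATURE):
            hits.append((current[0], int(current[2])))

    for line in log_text.splitlines():
        m = TASK_RE.search(line)
        if m:                      # a new "task:" header closes the previous block
            flush()
            current, symbols = m.groups(), set()
        elif current:              # trace line: collect every symbol token on it
            symbols.update(SYMBOL_RE.findall(line))
    flush()
    return hits

# Sample input: first task abridged from the advisory's trace; the second task
# (example_io) is constructed to show an unrelated rwsem wait is not flagged.
SAMPLE_LOG = """\
task:kworker/0:0 state:D stack:0 pid:5021 tgid:5021 ppid:2 flags:0x00200000
Workqueue: ksmbd-io handle_ksmbd_work
Call trace:
 rwsem_down_read_slowpath from down_read+0x28/0x30
 down_read from ksmbd_session_rpc_method+0x18/0x3c
 ksmbd_session_rpc_method from ksmbd_rpc_open+0x34/0x68
 ksmbd_rpc_open from ksmbd_session_rpc_open+0x194/0x228
 ksmbd_session_rpc_open from create_smb2_pipe+0x8c/0x2c8
task:example_io state:D stack:0 pid:77 tgid:77 ppid:2 flags:0x00000000
Call trace:
 rwsem_down_read_slowpath from down_read+0x28/0x30
 down_read from example_read_path+0x10/0x20
"""

if __name__ == "__main__":
    print(find_rpc_lock_deadlocks(SAMPLE_LOG))
```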

Impact