ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths
Summary
| CVE | CVE-2026-45924 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-27 14:17:07 UTC |
| Updated | 2026-05-27 14:48:03 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths There are two places where ksmbd_vfs_kern_path_end_removing() needs to be called in order to balance what the corresponding successful call to ksmbd_vfs_kern_path_start_removing() has done, i.e. drop inode locks and put the taken references. Otherwise there might be potential deadlocks and unbalanced locks which are caught like: BUG: workqueue leaked lock or atomic: kworker/5:21/0x00000000/7596 last function: handle_ksmbd_work 2 locks held by kworker/5:21/7596: #0: ffff8881051ae448 (sb_writers#3){.+.+}-{0:0}, at: ksmbd_vfs_kern_path_locked+0x142/0x660 #1: ffff888130e966c0 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: ksmbd_vfs_kern_path_locked+0x17d/0x660 CPU: 5 PID: 7596 Comm: kworker/5:21 Not tainted 6.1.162-00456-gc29b353f383b #138 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014 Workqueue: ksmbd-io handle_ksmbd_work Call Trace: <TASK> dump_stack_lvl+0x44/0x5b process_one_work.cold+0x57/0x5c worker_thread+0x82/0x600 kthread+0x153/0x190 ret_from_fork+0x22/0x30 </TASK> Found by Linux Verification Center (linuxtesting.org). |
Risk And Classification
EPSS: 0.000240000 probability, percentile 0.073930000 (date 2026-05-29)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 9d5012ffe14120f978ee34aef4df3d6cb026b7c4 8e3a3192ef78d8302916408d62813b1fddfc8972 git | Not specified |
| CNA | Linux | Linux | affected ac98d54630d5b52e3f684d872f0d82c06c418ea9 f221baa80e5959a0c08a7e34abbf2a4d3cf0e1c2 git | Not specified |
| CNA | Linux | Linux | affected 1e858a7a51c7b8b009d8f246de7ceb7743b44a71 cf29329a13df79c198b45dfc92577638d30b56fa git | Not specified |
| CNA | Linux | Linux | affected 814cfdb6358d9b84fcbec9918c8f938cc096a43a 34d6691933682f0516259a31b39d2cebcedec0a5 git | Not specified |
| CNA | Linux | Linux | affected d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694 0c578e8065c4b08d5635a4cbc0f6321df9d20f79 git | Not specified |
| CNA | Linux | Linux | affected d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694 4c38600feb81c670edb82e49d201d3d2d00cd4c3 git | Not specified |
| CNA | Linux | Linux | affected d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694 a09dc10d1353f0e92c21eae2a79af1c2b1ddcde8 git | Not specified |
| CNA | Linux | Linux | affected a7dddd62578c2eb6cb28b8835556a121b5157323 git | Not specified |
| CNA | Linux | Linux | affected a726fef6d7d4cfc365d3434e3916dbfe78991a33 git | Not specified |
| CNA | Linux | Linux | affected 5.15.190 5.15.203 semver | Not specified |
| CNA | Linux | Linux | affected 6.1.149 6.1.167 semver | Not specified |
| CNA | Linux | Linux | affected 6.6.103 6.6.130 semver | Not specified |
| CNA | Linux | Linux | affected 6.12.43 6.12.78 semver | Not specified |
| CNA | Linux | Linux | affected 6.15.11 6.16 semver | Not specified |
| CNA | Linux | Linux | affected 6.16.2 6.17 semver | Not specified |
| CNA | Linux | Linux | affected 6.17 | Not specified |
| CNA | Linux | Linux | unaffected 6.17 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.203 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.167 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.130 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.78 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.17 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.4 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/4c38600feb81c670edb82e49d201d3d2d00cd4c3 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/f221baa80e5959a0c08a7e34abbf2a4d3cf0e1c2 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/34d6691933682f0516259a31b39d2cebcedec0a5 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/a09dc10d1353f0e92c21eae2a79af1c2b1ddcde8 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/8e3a3192ef78d8302916408d62813b1fddfc8972 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/0c578e8065c4b08d5635a4cbc0f6321df9d20f79 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/cf29329a13df79c198b45dfc92577638d30b56fa | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.