CVE-2025-38711
📋 TL;DR
A deadlock vulnerability exists in the Linux kernel's SMB server implementation when handling file linking operations with the ReplaceIfExists flag. This affects systems running vulnerable kernel versions with ksmbd (kernel SMB server) enabled, potentially causing denial of service. The vulnerability is triggered during specific SMB file operations.
💻 Affected Systems
- Linux kernel with ksmbd module
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service for SMB services on affected systems, requiring system reboot to restore functionality.
Likely Case
Temporary service disruption for SMB file operations when specific linking operations are attempted.
If Mitigated
No impact if ksmbd is disabled or patched kernel is used.
🎯 Exploit Status
Requires SMB client access and the ability to perform specific file linking operations with the ReplaceIfExists flag.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 1e858a7a51c7b8b009d8f246de7ceb7743b44a71 and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/1e858a7a51c7b8b009d8f246de7ceb7743b44a71
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify ksmbd module loads correctly.
🔧 Temporary Workarounds
Disable ksmbd module
Linux
Prevent loading of vulnerable ksmbd kernel module
echo 'blacklist ksmbd' >> /etc/modprobe.d/blacklist-ksmbd.conf
rmmod ksmbd
🧯 If You Can't Patch
- Disable SMB services using ksmbd and use alternative SMB implementations
- Restrict SMB client access to trusted sources only
🔍 How to Verify
Check if Vulnerable:
Check if ksmbd module is loaded: lsmod | grep ksmbd. If loaded, check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated and ksmbd module version matches patched kernel. Test SMB linking operations with ReplaceIfExists flag.
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing deadlock warnings
- SMB service becoming unresponsive
- Processes stuck in D state
Network Indicators:
- SMB connections failing during file linking operations
- Increased SMB protocol errors
SIEM Query:
source="kernel" AND ("deadlock" OR "hung task") AND "ksmbd"
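The kernel prints a hung-task report across several lines, so the ksmbd frame may sit a few lines below the header that names the blocked task. The script below is an added example, not part of the original advisory; it groups each report and counts those that involve ksmbd. The sample log, function names and the 40-line report window are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Counts hung-task reports in a
# kernel log where ksmbd is the blocked task or appears in the call trace.

# Reads kernel log text on stdin; prints the number of ksmbd-related reports.
ksmbd_hung_reports() {
    awk '
        function close_report() { if (in_report && hit) n++; in_report = 0; hit = 0 }
        # Header printed by the hung-task detector opens a new report.
        /INFO: task .* blocked for more than [0-9]+ seconds/ {
            close_report(); in_report = 1; left = 40   # assumed max report length
            hit = ($0 ~ /INFO: task ksmbd/)
            next
        }
        in_report {
            if ($0 ~ /\[ksmbd\]/) hit = 1        # frame from the ksmbd module
            if ($0 ~ /<\/TASK>/ || --left == 0) close_report()
        }
        END { close_report(); print n + 0 }
    '
}

# Constructed sample log (illustrative only, not the real trace for this CVE).
sample_log() {
    cat <<'EOF'
[  100.1] ksmbd: connection established
[  363.5] INFO: task kworker/0:2:411 blocked for more than 120 seconds.
[  363.5] task:kworker/0:2 state:D stack:0 pid:411
[  363.5] Call Trace:
[  363.5]  <TASK>
[  363.5]  schedule+0x5d/0xe0
[  363.5]  down_write+0x4a/0x60
[  363.5]  handle_ksmbd_work+0x17a/0x4c0 [ksmbd]
[  363.5]  </TASK>
[  484.2] INFO: task jbd2/sda1-8:207 blocked for more than 120 seconds.
[  484.2] Call Trace:
[  484.2]  <TASK>
[  484.2]  jbd2_journal_commit_transaction+0x2c1/0x1a10 [jbd2]
[  484.2]  </TASK>
EOF
}

sample_log | ksmbd_hung_reports
```

On a live host, pipe `dmesg` or `journalctl -k` output into `ksmbd_hung_reports` instead of the sample.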
🔗 References
- https://git.kernel.org/stable/c/1e858a7a51c7b8b009d8f246de7ceb7743b44a71
- https://git.kernel.org/stable/c/814cfdb6358d9b84fcbec9918c8f938cc096a43a
- https://git.kernel.org/stable/c/9d5012ffe14120f978ee34aef4df3d6cb026b7c4
- https://git.kernel.org/stable/c/a726fef6d7d4cfc365d3434e3916dbfe78991a33
- https://git.kernel.org/stable/c/a7dddd62578c2eb6cb28b8835556a121b5157323
- https://git.kernel.org/stable/c/ac98d54630d5b52e3f684d872f0d82c06c418ea9
- https://git.kernel.org/stable/c/d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html