Skip to main content

Linux Kernel CVE-2026-45924

| EUVDEUVD-2026-32390 MEDIUM
Improper Locking (CWE-667)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-x9p6-4mgw-jm88
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access required to reach ksmbd; low privilege suffices via SMB client; pure availability impact via deadlock, no C/I.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 24, 2026 - 19:31 vuln.today
CVSS changed
Jun 24, 2026 - 17:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths

There are two places where ksmbd_vfs_kern_path_end_removing() needs to be called in order to balance what the corresponding successful call to ksmbd_vfs_kern_path_start_removing() has done, i.e. drop inode locks and put the taken references. Otherwise there might be potential deadlocks and unbalanced locks which are caught like:

BUG: workqueue leaked lock or atomic: kworker/5:21/0x00000000/7596 last function: handle_ksmbd_work 2 locks held by kworker/5:21/7596: #0: ffff8881051ae448 (sb_writers#3){.+.+}-{0:0}, at: ksmbd_vfs_kern_path_locked+0x142/0x660 #1: ffff888130e966c0 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: ksmbd_vfs_kern_path_locked+0x17d/0x660 CPU: 5 PID: 7596 Comm: kworker/5:21 Not tainted 6.1.162-00456-gc29b353f383b #138 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014 Workqueue: ksmbd-io handle_ksmbd_work Call Trace: <TASK> dump_stack_lvl+0x44/0x5b process_one_work.cold+0x57/0x5c worker_thread+0x82/0x600 kthread+0x153/0x190 ret_from_fork+0x22/0x30 </TASK>

Found by Linux Verification Center (linuxtesting.org).

AnalysisAI

Improper lock release in the Linux kernel ksmbd subsystem (in-kernel SMB server) allows a local low-privileged user to trigger a deadlock by inducing error paths in ksmbd_vfs_kern_path_locked where ksmbd_vfs_kern_path_end_removing() is never called to balance the corresponding ksmbd_vfs_kern_path_start_removing(). Affected kernel versions span multiple stable branches from 5.15 through 6.17. No public exploit or active exploitation is known; EPSS stands at 0.02% (7th percentile), confirming low real-world exploitation probability.

Technical ContextAI

ksmbd is the Linux kernel's native in-kernel SMB server implementation. The vulnerability resides in ksmbd_vfs_kern_path_locked(), where ksmbd_vfs_kern_path_start_removing() acquires superblock writer locks (sb_writers) and a directory inode mutex (i_mutex_dir_key) via the VFS path resolution layer. Two error paths downstream fail to invoke ksmbd_vfs_kern_path_end_removing(), which is the required paired release call for those locks. This produces an unbalanced locking state: when the kworker thread finishes processing handle_ksmbd_work, the kernel's workqueue infrastructure detects the leaked locks and may panic or deadlock. The root cause class is CWE-667 (Improper Locking) - a resource-management error rather than a memory corruption or logic flaw. CPE data confirms all affected products are cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* across multiple version ranges.

RemediationAI

Update to a patched stable kernel release: 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.17, 6.19.4, or 7.0, depending on the active branch. Upstream commits are available at https://git.kernel.org/stable/c/0c578e8065c4b08d5635a4cbc0f6321df9d20f79 and related stable refs. Debian and other distributions should apply their respective kernel-security updates once backports are published. As a compensating control where patching is immediately infeasible, disable or stop the ksmbd service (modprobe -r ksmbd or remove it from kernel module autoload) - this eliminates the attack surface entirely since the vulnerable code path is only reachable when ksmbd is active. Disabling ksmbd will interrupt any SMB file sharing provided by the in-kernel server; workloads relying on it should migrate temporarily to userspace Samba. No side effects from disabling ksmbd are expected for services not using in-kernel SMB.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

CVE-2026-45924 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy