In the Linux kernel, the following vulnerability has been resolved:

ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths

There are two places where ksmbd_vfs_kern_path_end_removing() needs to be
called in order to balance what the corresponding successful call to
ksmbd_vfs_kern_path_start_removing() has done, i.e. drop inode locks and
put the taken references. Otherwise there might be potential deadlocks
and unbalanced locks which are caught like:

BUG: workqueue leaked lock or atomic: kworker/5:21/0x00000000/7596
last function: handle_ksmbd_work
2 locks held by kworker/5:21/7596:
#0: ffff8881051ae448 (sb_writers#3){.+.+}-{0:0}, at: ksmbd_vfs_kern_path_locked+0x142/0x660
#1: ffff888130e966c0 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: ksmbd_vfs_kern_path_locked+0x17d/0x660
CPU: 5 PID: 7596 Comm: kworker/5:21 Not tainted 6.1.162-00456-gc29b353f383b #138
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014
Workqueue: ksmbd-io handle_ksmbd_work
Call Trace:
<TASK>
dump_stack_lvl+0x44/0x5b
process_one_work.cold+0x57/0x5c
worker_thread+0x82/0x600
kthread+0x153/0x190
ret_from_fork+0x22/0x30
</TASK>

Found by Linux Verification Center (linuxtesting.org).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
9d5012ffe14120f978ee34aef4df3d6cb026b7c4 affected < 8e3a3192ef78d8302916408d62813b1fddfc8972
ac98d54630d5b52e3f684d872f0d82c06c418ea9 affected < f221baa80e5959a0c08a7e34abbf2a4d3cf0e1c2
1e858a7a51c7b8b009d8f246de7ceb7743b44a71 affected < cf29329a13df79c198b45dfc92577638d30b56fa
814cfdb6358d9b84fcbec9918c8f938cc096a43a affected < 34d6691933682f0516259a31b39d2cebcedec0a5
d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694 affected < 0c578e8065c4b08d5635a4cbc0f6321df9d20f79
d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694 affected < 4c38600feb81c670edb82e49d201d3d2d00cd4c3
d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694 affected < a09dc10d1353f0e92c21eae2a79af1c2b1ddcde8
a7dddd62578c2eb6cb28b8835556a121b5157323 affected
a726fef6d7d4cfc365d3434e3916dbfe78991a33 affected
5.15.190 affected < 5.15.203
6.1.149 affected < 6.1.167
6.6.103 affected < 6.6.130
6.12.43 affected < 6.12.78
6.15.11 affected < 6.16
6.16.2 affected < 6.17
Linux Linux affected
Version Status Constraints
6.17 affected
0 unaffected < 6.17
5.15.203 unaffected ≤ 5.15.*
6.1.167 unaffected ≤ 6.1.*
6.6.130 unaffected ≤ 6.6.*
6.12.78 unaffected ≤ 6.12.*
6.18.17 unaffected ≤ 6.18.*
6.19.4 unaffected ≤ 6.19.*
7.0 unaffected ≤ *

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/0c578e8065c4b08d5635a4cbc0f6321df9d20f79 cve-icon cve-icon
https://git.kernel.org/stable/c/34d6691933682f0516259a31b39d2cebcedec0a5 cve-icon cve-icon
https://git.kernel.org/stable/c/4c38600feb81c670edb82e49d201d3d2d00cd4c3 cve-icon cve-icon
https://git.kernel.org/stable/c/8e3a3192ef78d8302916408d62813b1fddfc8972 cve-icon cve-icon
https://git.kernel.org/stable/c/a09dc10d1353f0e92c21eae2a79af1c2b1ddcde8 cve-icon cve-icon
https://git.kernel.org/stable/c/cf29329a13df79c198b45dfc92577638d30b56fa cve-icon cve-icon
https://git.kernel.org/stable/c/f221baa80e5959a0c08a7e34abbf2a4d3cf0e1c2 cve-icon cve-icon
History

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths There are two places where ksmbd_vfs_kern_path_end_removing() needs to be called in order to balance what the corresponding successful call to ksmbd_vfs_kern_path_start_removing() has done, i.e. drop inode locks and put the taken references. Otherwise there might be potential deadlocks and unbalanced locks which are caught like: BUG: workqueue leaked lock or atomic: kworker/5:21/0x00000000/7596 last function: handle_ksmbd_work 2 locks held by kworker/5:21/7596: #0: ffff8881051ae448 (sb_writers#3){.+.+}-{0:0}, at: ksmbd_vfs_kern_path_locked+0x142/0x660 #1: ffff888130e966c0 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: ksmbd_vfs_kern_path_locked+0x17d/0x660 CPU: 5 PID: 7596 Comm: kworker/5:21 Not tainted 6.1.162-00456-gc29b353f383b #138 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014 Workqueue: ksmbd-io handle_ksmbd_work Call Trace: <TASK> dump_stack_lvl+0x44/0x5b process_one_work.cold+0x57/0x5c worker_thread+0x82/0x600 kthread+0x153/0x190 ret_from_fork+0x22/0x30 </TASK> Found by Linux Verification Center (linuxtesting.org).
Title ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:17:43.229Z

Reserved: 2026-05-13T15:03:33.086Z

Link: CVE-2026-45924

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:07.413

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45924

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.