Linux Kernel Deadlock Vulnerability in CIFS SMB Client

Vulnerability

A potential deadlock vulnerability has been identified in the Linux kernel's CIFS SMB client, specifically in versions through 6.16.0-rc3-build2+. The issue arises when reconnecting channels: the function cifs_signal_cifsd_for_reconnect() does not follow the correct lock order. Taking locks out of order can create a circular locking dependency, and the result is a deadlock in which a task holding multiple locks at the same time can make no further progress.

Impact

Exploitation of this vulnerability can lead to a deadlock, where the system becomes unresponsive due to circular locking dependencies.

Reproduction

The vulnerability can be reproduced by initiating a CIFS SMB3 mount operation that requires session reconnection. This process involves the CIFS client acquiring multiple locks in a specific order. If the cifs_signal_cifsd_for_reconnect() function is called during this operation, it can disrupt the lock sequence, creating a circular dependency that causes a deadlock.
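The lock-order problem described above can be shown with a small dependency-graph checker. This is an added example, not code from the kernel or from this advisory. The lock names are placeholders because the advisory does not name the locks involved, and both acquisition sequences are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Placeholder lock classes: the advisory does not name the real CIFS locks. */
enum { LOCK_A, LOCK_B, LOCK_C, NLOCKS };

static bool edge[NLOCKS][NLOCKS];   /* edge[x][y]: y was taken while x was held */

/* Depth-first search: is 'to' reachable from 'from' over recorded edges? */
static bool reachable(int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int n = 0; n < NLOCKS; n++)
        if (edge[from][n] && !seen[n] && reachable(n, to, seen))
            return true;
    return false;
}

/* Replay one code path (locks taken in order, all held until the end).
 * Returns how many acquisitions would close a cycle in the graph. */
static int record_path(const int *locks, int count)
{
    int violations = 0;
    for (int i = 1; i < count; i++)
        for (int h = 0; h < i; h++) {
            bool seen[NLOCKS] = { false };
            /* Adding held -> new closes a cycle if held is reachable from new. */
            if (reachable(locks[i], locks[h], seen))
                violations++;
            edge[locks[h]][locks[i]] = true;
        }
    return violations;
}

static void reset_graph(void) { memset(edge, 0, sizeof(edge)); }

int main(void)
{
    const int documented[] = { LOCK_A, LOCK_B, LOCK_C };  /* constructed order */
    const int reconnect[]  = { LOCK_C, LOCK_A };          /* constructed inversion */
    reset_graph();
    printf("documented path: %d violation(s)\n", record_path(documented, 3));
    printf("reconnect path:  %d violation(s)\n", record_path(reconnect, 2));
    return 0;
}
```

The second path is flagged even though neither path deadlocks when run alone, which is why an ordering bug of this kind can go unnoticed until two tasks interleave.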

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been addressed.

Added: Jul 9, 2025, 11:57 AM
Updated: Jul 9, 2025, 11:57 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.