How CVE-2025-37802 Works
The vulnerability occurs in the Linux kernel's `ksmbd` (SMB server) component when handling durable file handles. The function `ksmbd_durable_scavenger_alive()` attempts to acquire a mutex while the task is in the `TASK_UNINTERRUPTIBLE` state, because it is evaluated inside a `wait_event_timeout()` condition check. This violates kernel scheduling rules: blocking operations such as mutex locks must not be called while the task is not in the `TASK_RUNNING` state. Under high load the race condition could lead to deadlocks or kernel warnings. Attackers might exploit this to disrupt SMB file-sharing services by forcing repeated scheduling violations.
DailyCVE Form
Platform: Linux Kernel
Version: 5.15 – 6.8
Vulnerability: Race Condition
Severity: Medium
Date: 2025-06-05
Prediction: Patch by 2025-08-15
What Undercode Say:
Exploitation Analysis
1. Trigger Condition: High SMB durable handle load.
2. Impact: Kernel log spam, potential service degradation.
3. PoC Code:
while true; do smbclient //target/share -U user%pass -c "open long-lived-file"; done
Protection Commands
1. Mitigation: Disable durable handles:
echo 0 > /sys/module/ksmbd/parameters/enable_durable_handle
2. Detection:
dmesg | grep "WARNING: do not call blocking ops"
3. Kernel Config Check:
grep CONFIG_SMB_SERVER /boot/config-$(uname -r)
Patch Verification
// Expected fix removes mutex from ksmbd_durable_scavenger_alive()
static bool ksmbd_durable_scavenger_alive(void)
{
	return !kthread_should_stop(); /* Simplified check */
}
Debugging
perf probe -a 'ksmbd_durable_scavenger_alive'
echo 'p:ksmbd_durable_scavenger_alive ksmbd_durable_scavenger_alive' > /sys/kernel/debug/tracing/kprobe_events
References
- Kernel Git Commit: `git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=[bash]`
- CVSS: 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode