PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45924 Linux CVE debrief

A resource leak vulnerability in the Linux kernel's ksmbd SMB server implementation can lead to deadlocks and system instability. The flaw occurs when error paths fail to properly release inode locks and references acquired during path lookup operations, resulting in unbalanced locking that triggers kernel warnings and potential denial of service.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

System administrators running Linux kernels with ksmbd (kernel SMB server) enabled; security teams tracking kernel SMB implementation vulnerabilities; organizations using ksmbd for file sharing services who need to ensure service availability

Technical summary

The ksmbd kernel SMB server contains a resource management flaw where two error paths fail to invoke ksmbd_vfs_kern_path_end_removing() after successful calls to ksmbd_vfs_kern_path_start_removing(). This omission leaves inode locks held and references unreleased, causing lock imbalance detected by the kernel's lock debugging infrastructure. The bug triggers 'workqueue leaked lock or atomic' warnings with stack traces showing ksmbd_vfs_kern_path_locked holding sb_writers and i_mutex_dir_key locks. While the immediate symptom is a warning, the underlying unbalanced locking can lead to deadlocks affecting SMB server availability. The vulnerability is local in nature (requires SMB operations that trigger the error paths) and affects systems with ksmbd enabled. Multiple stable kernel branches have received backports of the fix.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates from your Linux distribution that include the ksmbd fix for CVE-2026-45924
  • If running custom kernels with ksmbd enabled, cherry-pick the appropriate stable branch commit for your kernel version
  • Monitor kernel logs for 'workqueue leaked lock or atomic' messages indicating potential trigger of this bug
  • Consider temporarily disabling ksmbd if patches are unavailable and the SMB server functionality is not critical
  • Review ksmbd error handling paths if maintaining out-of-tree ksmbd patches

Evidence notes

The CVE description confirms the vulnerability exists in ksmbd, the kernel SMB server. The fix involves adding missing calls to ksmbd_vfs_kern_path_end_removing() on two error paths to properly balance lock acquisition and reference counting. Kernel log evidence shows the bug manifests as 'workqueue leaked lock or atomic' warnings with 2 locks held (sb_writers and i_mutex_dir_key) in the ksmbd_vfs_kern_path_locked function. Multiple stable kernel commits are referenced, indicating backports to supported kernel versions.

Official resources

The vulnerability was disclosed on 2026-05-27 via the CVE Program and NVD. The issue was identified by the Linux Verification Center (linuxtesting.org) and subsequently patched in the Linux kernel stable branches.