In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All releasemid() callers seem to hold a reference of @mid so there is no need to call krefput(&mid->refcount, _releasemid) under @server->midlock spinlock. If they don't, then an use-after-free bug would have occurred anyways. By getting rid of such spinlock also fixes a potential deadlock as shown below CPU 0 CPU 1 ------------------------------------------------------------------ cifsdemultiplexthread() cifsdebugdataprocshow() releasemid() spinlock(&server->midlock); spinlock(&cifstcpseslock) spinlock(&server->midlock) _releasemid() smb2findsmbtcon() spinlock(&cifstcpses_lock) deadlock