← Back

CVE-2025-37899

nvd nist
Published: May 20, 2025Modified: Jun 17, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.

Affected (6)

Products: Linux: Linux Kernel
1 product
Linux Kernel
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Linux
From 5.15 to 6.12.28
From 6.13 to 6.14.6
Version 6.15 rc1
Version 6.15 rc2
Version 6.15 rc3
Version 6.15 rc4

References (7)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.