We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-37899

ksmbd: fix use-after-free in session logoff



Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.

Reserved 2025-04-16 | Published 2025-05-20 | Updated 2025-05-26 | Assigner Linux

Product status

Default status
unaffected

0626e6641f6b467447c81dd7678a69c66f7746cf before d5ec1d79509b3ee01de02c236f096bc050221b7f
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before 02d16046cd11a5c037b28c12ffb818c56dd3ef43
affected

0626e6641f6b467447c81dd7678a69c66f7746cf before 2fc9feff45d92a92cd5f96487655d5be23fb7e2b
affected

Default status
affected

5.15
affected

Any version before 5.15
unaffected

6.12.28
unaffected

6.14.6
unaffected

6.15
unaffected

References

git.kernel.org/...c/d5ec1d79509b3ee01de02c236f096bc050221b7f

git.kernel.org/...c/02d16046cd11a5c037b28c12ffb818c56dd3ef43

git.kernel.org/...c/2fc9feff45d92a92cd5f96487655d5be23fb7e2b

cve.org (CVE-2025-37899)

nvd.nist.gov (CVE-2025-37899)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-37899

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.