ccss17

1 exploit Active since May 2025
CVE-2025-37899 NOMISEC HIGH WRITEUP
Linux Kernel 5.15-6.12.28, 6.1.0-6.1.159, 6.2.0-6.6.119, 6.7.0-6.12.28, 6.13.0-6.14.6 - Use-After-Free in Session Logoff
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.
CVSS 7.8