Linux Kernel 5.15-6.12.28, 6.1.0-6.1.159, 6.2.0-6.6.119, 6.7.0-6.12.28, 6.13.0-6.14.6 - Use-After-Free in Session Logoff
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free in session logoff
The sess->user object can currently be in use by another thread, for
example if another connection has sent a session setup request to
bind to the session being free'd. The handler for that connection could
be in the smb2_sess_setup function which makes use of sess->user.