CVE-2025-22040

HIGH

Linux Kernel - Use-After-Free in ksmbd Session Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connection is added to channel list of session. This patch check reference count of session before freeing it.

References (7)

Core 7

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Patch

https://git.kernel.org/stable/c/596407adb9af1ee75fe7c7529607783d31b66e7f

Patch

https://git.kernel.org/stable/c/3980770cb1470054e6400fd97668665975726737

Patch

https://git.kernel.org/stable/c/9069939d762138e232a6f79e3e1462682ed6a17d

Patch

https://git.kernel.org/stable/c/94c281721d4ed2d972232414b91d98a6f5bdb16b

Patch

https://git.kernel.org/stable/c/7dfbd4c43eed91dd2548a95236908025707a8dfd

Patch

https://git.kernel.org/stable/c/fa4cdb8cbca7d6cb6aa13e4d8d83d1103f6345db

Scores

CVSS v3 8.8

EPSS 0.0014

EPSS Percentile 33.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (21)

debian/debian_linux 11.0

linux/Kernel 5.15.0 - 6.1.134linux

linux/Kernel 6.13.0 - 6.13.11linux

linux/Kernel 6.14.0 - 6.14.2linux

linux/Kernel 6.2.0 - 6.6.87linux

linux/Kernel 6.7.0 - 6.12.23linux

Linux/Linux < 5.15

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 3980770cb1470054e6400fd97668665975726737

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 596407adb9af1ee75fe7c7529607783d31b66e7f

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 7dfbd4c43eed91dd2548a95236908025707a8dfd

... and 11 more

Published Apr 16, 2025

Tracked Since Feb 18, 2026