CVE-2025-37777

HIGH

Linux Kernel 5.15-6.6.100, 6.7-6.12.25, 6.13-6.14.3 - Use-After-Free in ksmbd Connection Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __smb2_lease_break_noti() Move tcp_transport free to ksmbd_conn_free. If ksmbd connection is referenced when ksmbd server thread terminates, It will not be freed, but conn->tcp_transport is freed. __smb2_lease_break_noti can be performed asynchronously when the connection is disconnected. __smb2_lease_break_noti calls ksmbd_conn_write, which can cause use-after-free when conn->ksmbd_transport is already freed.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/1da8bd9a10ecd718692732294d15fd801c0eabb5

Patch

https://git.kernel.org/stable/c/1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e

Patch

https://git.kernel.org/stable/c/e59796fc80603bcd8569d4d2e10b213c1918edb4

Patch

https://git.kernel.org/stable/c/21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (15)

linux/Kernel 5.15.0 - 6.6.101linux

linux/Kernel 6.13.0 - 6.14.4linux

linux/Kernel 6.7.0 - 6.12.26linux

Linux/Linux < 5.15

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 1da8bd9a10ecd718692732294d15fd801c0eabb5

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - e59796fc80603bcd8569d4d2e10b213c1918edb4

Linux/Linux 5.15

Linux/Linux 6.12.26 - 6.12.*

... and 5 more

Published May 01, 2025

Tracked Since Feb 18, 2026