CVE-2025-37926

HIGH

Linux Kernel 5.15-6.14.5 - Use-After-Free in ksmbd_session_rpc_open

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_session_rpc_open A UAF issue can occur due to a race condition between ksmbd_session_rpc_open() and __session_rpc_close(). Add rpc_lock to the session to protect it.

References (5)

Core 5

Core References

Patch

https://git.kernel.org/stable/c/a4348710a7267705b75692dc1a000920481d1d92

Patch

https://git.kernel.org/stable/c/1067361a1cc6ad9cdf7acfc47f90012b72ad1502

Patch

https://git.kernel.org/stable/c/8fb3b6c85b7e3127161623586b62abcc366caa20

Patch

https://git.kernel.org/stable/c/6323fec65fe54b365961fed260dd579191e46121

Patch

https://git.kernel.org/stable/c/a1f46c99d9ea411f9bf30025b912d881d36fc709

Scores

CVSS v3 7.8

EPSS 0.0019

EPSS Percentile 9.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (18)

linux/Kernel 5.15.0 - 6.1.162linux

linux/Kernel 6.13.0 - 6.14.6linux

linux/Kernel 6.2.0 - 6.6.122linux

linux/Kernel 6.7.0 - 6.12.28linux

Linux/Linux < 5.15

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 1067361a1cc6ad9cdf7acfc47f90012b72ad1502

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 6323fec65fe54b365961fed260dd579191e46121

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 8fb3b6c85b7e3127161623586b62abcc366caa20

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - a1f46c99d9ea411f9bf30025b912d881d36fc709

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - a4348710a7267705b75692dc1a000920481d1d92

... and 8 more

Published May 20, 2025

Tracked Since Feb 18, 2026