CVE-2025-37952

HIGH

Linux Kernel 5.15-6.6.90, 6.7-6.12.28, 6.13-6.14.6 - Use-After-Free in ksmbd File Table Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while another thread holds a reference to it. The existing checks on fp->refcount are not sufficient to prevent this. The fix takes ft->lock around the section which removes the file from the file table. This prevents two threads acquiring the same file pointer via __close_file_table_ids, as well as the other functions which retrieve a file from the IDR and which already use this same lock.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/fec1f9e9a650e8e7011330a085c77e7bf2a08ea9

Patch

https://git.kernel.org/stable/c/9e9841e232b51171ddf3bc4ee517d5d28dc8cad6

Patch

https://git.kernel.org/stable/c/16727e442568a46d9cca69fe2595896de86e120d

Patch

https://git.kernel.org/stable/c/36991c1ccde2d5a521577c448ffe07fcccfe104d

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (15)

linux/Kernel 5.15.0 - 6.6.91linux

linux/Kernel 6.13.0 - 6.14.7linux

linux/Kernel 6.7.0 - 6.12.29linux

Linux/Linux < 5.15

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 16727e442568a46d9cca69fe2595896de86e120d

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 36991c1ccde2d5a521577c448ffe07fcccfe104d

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 9e9841e232b51171ddf3bc4ee517d5d28dc8cad6

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - fec1f9e9a650e8e7011330a085c77e7bf2a08ea9

Linux/Linux 5.15

Linux/Linux 6.12.29 - 6.12.*

... and 5 more

Published May 20, 2025

Tracked Since Feb 18, 2026