CVE-2025-38437

HIGH

Linux Kernel 5.15-6.1.146 6.2.0-6.6.99 6.7.0-6.12.39 6.13.0-6.15.7 - Use-After-Free in Oplock/Lease Break Acknowledgment

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp return error, use-after-free can happen by accessing opinfo->state and opinfo_put and ksmbd_fd_put could called twice.

References (6)

Core 6

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Patch

https://git.kernel.org/stable/c/e38ec88a2b42c494601b1213816d75f0b54d9bf0

Patch

https://git.kernel.org/stable/c/97c355989928a5f60b228ef5266c1be67a46cdf9

Patch

https://git.kernel.org/stable/c/815f1161d6dbc4c54ccf94b7d3fdeab34b4d7477

Patch

https://git.kernel.org/stable/c/8106adc21a2270c16abf69cd74ccd7c79c6e7acd

Patch

https://git.kernel.org/stable/c/50f930db22365738d9387c974416f38a06e8057e

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 21.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (19)

debian/debian_linux 11.0

linux/Kernel 5.15.0 - 6.1.146linux

linux/Kernel 6.13.0 - 6.15.7linux

linux/Kernel 6.2.0 - 6.6.99linux

linux/Kernel 6.7.0 - 6.12.39linux

Linux/Linux < 5.15

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 50f930db22365738d9387c974416f38a06e8057e

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 8106adc21a2270c16abf69cd74ccd7c79c6e7acd

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 815f1161d6dbc4c54ccf94b7d3fdeab34b4d7477

Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 97c355989928a5f60b228ef5266c1be67a46cdf9

... and 9 more

Published Jul 25, 2025

Tracked Since Feb 18, 2026