CVE-2025-68226
Linux Kernel 6.17.8-6.17.9 - Use-After-Free in SMB Client Cached FID Invalidation
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix incomplete backport in cfids_invalidation_worker()
The previous commit bdb596ceb4b7 ("smb: client: fix potential UAF in smb2_close_cached_fid()") was an incomplete backport and missed one kref_put() call in cfids_invalidation_worker() that should have been converted to close_cached_dir().
Scores
EPSS
0.0003
EPSS Percentile
7.8%
Details
Status
published
Products (3)
linux/Kernel
6.17.8 - 6.17.10
Linux/Linux
6.17.8 - 6.17.10
Linux/Linux
bdb596ceb4b7c3f28786a33840263728217fbcf5 - abd29b6e17a918fdd68352ce4813e167acc8727e
Published
Dec 16, 2025
Tracked Since
Feb 18, 2026