CVE-2025-22040

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-22040
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connection is added to channel list of session. This patch check reference count of session before freeing it.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/3980770cb1470054e6400fd97668665975726737
https://git.kernel.org/stable/c/596407adb9af1ee75fe7c7529607783d31b66e7f
https://git.kernel.org/stable/c/7dfbd4c43eed91dd2548a95236908025707a8dfd
https://git.kernel.org/stable/c/9069939d762138e232a6f79e3e1462682ed6a17d
https://git.kernel.org/stable/c/94c281721d4ed2d972232414b91d98a6f5bdb16b
https://git.kernel.org/stable/c/fa4cdb8cbca7d6cb6aa13e4d8d83d1103f6345db
Configurations

No configuration.

History

21 Apr 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CWE CWE-416
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corregir sesión use-after-free en conexión multicanal. Existe una condición de ejecución entre la configuración de la sesión y ksmbd_sessions_deregister. La sesión puede liberarse antes de que la conexión se añada a la lista de canales de la sesión. Este parche comprueba el número de referencias de la sesión antes de liberarla.

16 Apr 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-16 15:15

Updated : 2025-04-21 15:15

NVD link : CVE-2025-22040

Mitre link : CVE-2025-22040

CVE.ORG link : CVE-2025-22040

JSON object : View

Products Affected

No product.

CWE
CWE-416

Use After Free