CVE-2025-37924

{"id": "CVE-2025-37924", "cveTags": [], "metrics": {}, "published": "2025-05-20T16:15:29.037", "references": [{"url": "https://git.kernel.org/stable/c/28c756738af44a404a91b77830d017bb0c525890", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b447463562238428503cfba1c913261047772f90", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e18c616718018dfc440e4a2d2b94e28fe91b1861", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e34a33d5d7e87399af0a138bb32f6a3e95dd83d2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e86e9134e1d1c90a960dd57f59ce574d27b9a124", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in kerberos authentication\n\nSetting sess->user = NULL was introduced to fix the dangling pointer\ncreated by ksmbd_free_user. However, it is possible another thread could\nbe operating on the session and make use of sess->user after it has been\npassed to ksmbd_free_user but before sess->user is set to NULL."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: correcci\u00f3n del use-after-free en la autenticaci\u00f3n Kerberos. Se introdujo la configuraci\u00f3n sess->user = NULL para corregir el puntero colgante creado por ksmbd_free_user. Sin embargo, es posible que otro hilo est\u00e9 operando en la sesi\u00f3n y utilice sess->user despu\u00e9s de que se haya pasado a ksmbd_free_user, pero antes de que sess->user se establezca en NULL."}], "lastModified": "2025-11-03T20:18:41.837", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}