7.8

CVE-2025-37778

ksmbd: Fix dangling pointer in krb_authenticate

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Fix dangling pointer in krb_authenticate

krb_authenticate frees sess->user and does not set the pointer
to NULL. It calls ksmbd_krb5_authenticate to reinitialise
sess->user but that function may return without doing so. If
that happens then smb2_sess_setup, which calls krb_authenticate,
will be accessing free'd memory when it later uses sess->user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 6.1.135
LinuxLinux Kernel Version >= 6.2 < 6.6.88
LinuxLinux Kernel Version >= 6.7 < 6.12.25
LinuxLinux Kernel Version >= 6.13 < 6.14.4
LinuxLinux Kernel Version6.15 Updaterc1
LinuxLinux Kernel Version6.15 Updaterc2
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.383
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/d5b554bc8d554ed6ddf443d3db2fad9f665cec10
Patch
https://git.kernel.org/stable/c/1db2451de23e98bc864c6a6e52aa0d82c91cb325
Patch
https://git.kernel.org/stable/c/6e30c0e10210c714f3d4453dc258d4abcc70364e
Patch
https://git.kernel.org/stable/c/e83e39a5f6a01a81411a4558a59a10f87aa88dd6
Patch
https://git.kernel.org/stable/c/1e440d5b25b7efccb3defe542a73c51005799a5f
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Third Party Advisory
Mailing List
https://git.kernel.org/stable/c/b61f04d5d73c53d183019bafe22fb700a739bac5