9.8
CVE-2025-37924
- EPSS 0.27%
- Veröffentlicht 20.05.2025 15:21:52
- Zuletzt bearbeitet 02.04.2026 09:16:18
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ksmbd: fix use-after-free in kerberos authentication
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another thread could be operating on the session and make use of sess->user after it has been passed to ksmbd_free_user but before sess->user is set to NULL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15 < 6.1.138
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.90
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.28
Linux ≫ Linux Kernel Version >= 6.13 < 6.14.6
Linux ≫ Linux Kernel Version6.15 Updaterc1
Linux ≫ Linux Kernel Version6.15 Updaterc2
Linux ≫ Linux Kernel Version6.15 Updaterc3
Linux ≫ Linux Kernel Version6.15 Updaterc4
Debian ≫ Debian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.5 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.