CVE-2025-37924

EPSS 0.03%
Veröffentlicht 20.05.2025 15:21:52
Zuletzt bearbeitet 10.11.2025 20:48:10
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in kerberos authentication

Setting sess->user = NULL was introduced to fix the dangling pointer
created by ksmbd_free_user. However, it is possible another thread could
be operating on the session and make use of sess->user after it has been
passed to ksmbd_free_user but before sess->user is set to NULL.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.15 < 6.1.138

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.90

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.28

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.6

Linux ≫ Linux Kernel Version6.15 Updaterc1

Linux ≫ Linux Kernel Version6.15 Updaterc2

Linux ≫ Linux Kernel Version6.15 Updaterc3

Linux ≫ Linux Kernel Version6.15 Updaterc4

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/e34a33d5d7e87399af0a138bb32f6a3e95dd83d2

Patch

https://git.kernel.org/stable/c/b447463562238428503cfba1c913261047772f90

Patch

https://git.kernel.org/stable/c/e18c616718018dfc440e4a2d2b94e28fe91b1861

Patch

https://git.kernel.org/stable/c/28c756738af44a404a91b77830d017bb0c525890

Patch

https://git.kernel.org/stable/c/e86e9134e1d1c90a960dd57f59ce574d27b9a124

Patch

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-37924

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37924

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37924

EUVD