5.5

CVE-2025-39692

smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()

In the Linux kernel, the following vulnerability has been resolved:

smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()

We can't call destroy_workqueue(smb_direct_wq); before stop_sessions()!

Otherwise already existing connections try to use smb_direct_wq as
a NULL pointer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 6.1.149
LinuxLinux Kernel Version >= 6.2 < 6.6.103
LinuxLinux Kernel Version >= 6.7 < 6.12.44
LinuxLinux Kernel Version >= 6.13 < 6.16.4
LinuxLinux Kernel Version6.17 Updaterc1
LinuxLinux Kernel Version6.17 Updaterc2
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.041
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/524e90e58a267dad11e23351d9e4b1f941490976
Patch
https://git.kernel.org/stable/c/212eb86f75b4d7b82f3d94aed95ba61103bccb93
Patch
https://git.kernel.org/stable/c/003e6a3150299f681f34cb189aa068018cef6a45
Patch
https://git.kernel.org/stable/c/e41e33400516702427603f8fbbec43c91ede09c0
Patch
https://git.kernel.org/stable/c/bac7b996d42e458a94578f4227795a0d4deef6fa
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
Mailing List
https://cert-portal.siemens.com/productcert/html/ssa-032379.html