7.8

CVE-2025-68817

ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

Under high concurrency, A tree-connection object (tcon) is freed on
a disconnect path while another path still holds a reference and later
executes *_put()/write on it.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15.145 < 5.15.199
LinuxLinux Kernel Version >= 6.1.71 < 6.1.160
LinuxLinux Kernel Version >= 6.6.1 < 6.6.120
LinuxLinux Kernel Version >= 6.7 < 6.12.64
LinuxLinux Kernel Version >= 6.13 < 6.18.3
LinuxLinux Kernel Version6.6 Update-
LinuxLinux Kernel Version6.6 Updaterc5
LinuxLinux Kernel Version6.6 Updaterc6
LinuxLinux Kernel Version6.6 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.054
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a
Patch
https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4
Patch
https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea
Patch
https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21
Patch
https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926
Patch
https://git.kernel.org/stable/c/446beed646b2e426dd53d27358365f8678e1dd01
Patch