CVE-2025-21945

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in smb2_lock

If smb_lock->zero_len has value, ->llist of smb_lock is not delete and flock is old one. It will cause use-after-free on error handling routine.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 410ce35a2ed6d0e114132bba29af49b69880c8c7affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 8573571060ca466cbef2c6f03306b2cc7b883506affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < a0609097fd10d618aed4864038393dd75131289eaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 636e021646cf9b52ddfea7c809b018e91f2188cbaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 84d2d1641b71dec326e8736a749b7ee76a9599fcaffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux6.1.131 <= 6.1.*unaffected
LinuxLinux6.6.83 <= 6.6.*unaffected
LinuxLinux6.12.19 <= 6.12.*unaffected
LinuxLinux6.13.7 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References