CVE-2025-21967

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in ksmbd_free_work_struct

->interim_entry of ksmbd_work could be deleted after oplock is freed. We don't need to manage it with linked list. The interim request could be immediately sent whenever a oplock break wait is needed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < fb776765bfc21d5e4ed03bb3d4406c2b86ff1ac3affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 62746ae3f5414244a96293e3b017be637b641280affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < eb51f6f59d19b92f6fe84d3873f958495ab32f0aaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < bb39ed47065455604729404729d9116868638d31affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux6.6.84 <= 6.6.*unaffected
LinuxLinux6.12.20 <= 6.12.*unaffected
LinuxLinux6.13.8 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References