CVE-2025-37777

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in __smb2_lease_break_noti()

Move tcp_transport free to ksmbd_conn_free. If ksmbd connection is referenced when ksmbd server thread terminates, It will not be freed, but conn->tcp_transport is freed. __smb2_lease_break_noti can be performed asynchronously when the connection is disconnected. __smb2_lease_break_noti calls ksmbd_conn_write, which can cause use-after-free when conn->ksmbd_transport is already freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 1da8bd9a10ecd718692732294d15fd801c0eabb5affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 1aec4d14cf81b7b3e7b69eb1cfa94144eed7138eaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < e59796fc80603bcd8569d4d2e10b213c1918edb4affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13deaffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux6.6.101 <= 6.6.*unaffected
LinuxLinux6.12.26 <= 6.12.*unaffected
LinuxLinux6.14.4 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

References