CVE-2025-37952
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix UAF in __close_file_table_ids
A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while another thread holds a reference to it. The existing checks on fp->refcount are not sufficient to prevent this.
The fix takes ft->lock around the section which removes the file from the file table. This prevents two threads acquiring the same file pointer via __close_file_table_ids, as well as the other functions which retrieve a file from the IDR and which already use this same lock.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < fec1f9e9a650e8e7011330a085c77e7bf2a08ea9 | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < 9e9841e232b51171ddf3bc4ee517d5d28dc8cad6 | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < 16727e442568a46d9cca69fe2595896de86e120d | affected |
| Linux | Linux | 0626e6641f6b467447c81dd7678a69c66f7746cf < 36991c1ccde2d5a521577c448ffe07fcccfe104d | affected |
| Linux | Linux | 5.15 | affected |
| Linux | Linux | 0 < 5.15 | unaffected |
| Linux | Linux | 6.6.91 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.29 <= 6.12.* | unaffected |
| Linux | Linux | 6.14.7 <= 6.14.* | unaffected |
| Linux | Linux | 6.15 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/fec1f9e9a650e8e7011330a085c77e7bf2a08ea9
- https://git.kernel.org/stable/c/9e9841e232b51171ddf3bc4ee517d5d28dc8cad6
- https://git.kernel.org/stable/c/16727e442568a46d9cca69fe2595896de86e120d
- https://git.kernel.org/stable/c/36991c1ccde2d5a521577c448ffe07fcccfe104d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.