Use-After-Free Vulnerability in Linux Kernel Affecting SMB2 Lock Functionality
CVE-2025-21945

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 1 April 2025

Summary

A use-after-free vulnerability exists in the Linux kernel's SMB2 lock handling and can lead to system instability. When the 'zero_len' attribute of an smb_lock structure is set, the associated 'llist' entry is not deleted, so a memory block can still be referenced after it has been freed. The issue may arise in error handling routines, and the resulting unintended behavior could be exploited by malicious actors to execute arbitrary code or crash systems.

Affected Version(s)

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 410ce35a2ed6d0e114132bba29af49b69880c8c7

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 8573571060ca466cbef2c6f03306b2cc7b883506

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
