Use-after-free Vulnerability in Linux Kernel's ksmbd Component
CVE-2025-21967

7.8HIGH

Key Information:

Vendor
Linux
Status
Linux
Vendor
CVE Published:
1 April 2025

Summary

A use-after-free vulnerability exists in the ksmbd component of the Linux kernel, which may be exploited when an interim entry of ksmbd_work is deleted after the associated oplock is freed. This flaw can lead to potential data corruption or system instability if an attacker manages to access the freed memory before it is reallocated. System administrators are advised to apply the latest patches and updates to mitigate the risk associated with this issue.

Affected Version(s)

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 62746ae3f5414244a96293e3b017be637b641280

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf

References

https://git.kernel.org/stable/c/fb776765bfc21d5e4ed03bb3d...
https://git.kernel.org/stable/c/62746ae3f5414244a96293e3b...
https://git.kernel.org/stable/c/eb51f6f59d19b92f6fe84d387...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.