CVE-2025-22041

ksmbd: fix use-after-free in ksmbd_sessions_deregister()

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. session that is freed through the global session table can be accessed again through ->sessions of connection.

References

Link	Tags
https://git.kernel.org/stable/c/f0eb3f575138b816da74697bd506682574742fcd	patch
https://git.kernel.org/stable/c/a8a8ae303a8395cbac270b5b404d85df6ec788f8	patch
https://git.kernel.org/stable/c/ca042cc0e4f9e0d2c8f86dd67e4b22f30a516a9b	patch
https://git.kernel.org/stable/c/8ed0e9d2f410f63525afb8351181eea36c80bcf1	patch
https://git.kernel.org/stable/c/33cc29e221df7a3085ae413e8c26c4e81a151153	patch
https://git.kernel.org/stable/c/15a9605f8d69dc85005b1a00c31a050b8625e1aa	patch

Frequently Asked Questions

What is the severity of CVE-2025-22041?: CVE-2025-22041 has been scored as a high severity vulnerability.
How to fix CVE-2025-22041?: To fix CVE-2025-22041, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-22041 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-22041 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-22041?: CVE-2025-22041 affects Linux Linux, Linux Linux.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions