CVE-2025-37778

ksmbd: Fix dangling pointer in krb_authenticate

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that happens then smb2_sess_setup, which calls krb_authenticate, will be accessing free'd memory when it later uses sess->user.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d5b554bc8d554ed6ddf443d3db2fad9f665cec10
https://git.kernel.org/stable/c/1db2451de23e98bc864c6a6e52aa0d82c91cb325
https://git.kernel.org/stable/c/6e30c0e10210c714f3d4453dc258d4abcc70364e
https://git.kernel.org/stable/c/e83e39a5f6a01a81411a4558a59a10f87aa88dd6
https://git.kernel.org/stable/c/1e440d5b25b7efccb3defe542a73c51005799a5f

Frequently Asked Questions

What is the severity of CVE-2025-37778?
CVE-2025-37778 has not yet been assigned a CVSS score.
How to fix CVE-2025-37778?
To fix CVE-2025-37778, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37778 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37778 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37778?
CVE-2025-37778 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.