CVE-2025-22041
Published: Apr 16, 2025
Modified: May 11, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. session that is freed through the global session table can be accessed again through ->sessions of connection.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 0626e6641f6b467447c81dd7678a69c66f7746cf - < f0eb3f575138b816da74697bd506682574742fcdaffected 0626e6641f6b467447c81dd7678a69c66f7746cf - < a8a8ae303a8395cbac270b5b404d85df6ec788f8affected 0626e6641f6b467447c81dd7678a69c66f7746cf - < ca042cc0e4f9e0d2c8f86dd67e4b22f30a516a9baffected 0626e6641f6b467447c81dd7678a69c66f7746cf - < 8ed0e9d2f410f63525afb8351181eea36c80bcf1affected 0626e6641f6b467447c81dd7678a69c66f7746cf - < 33cc29e221df7a3085ae413e8c26c4e81a151153+1 more versions |
Linux | Linux | affected 5.15unaffected 0 - < 5.15unaffected 6.1.134 - <= 6.1.*unaffected 6.6.87 - <= 6.6.*unaffected 6.12.23 - <= 6.12.*+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now