CVE-2025-37899

Published: May 20, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.

Vendor	Product	Versions
Linux	Linux	affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 931dc8a3670f71c45c0b1379ea4e92dafbda1aca` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 70ad6455139e26e85f48f95d0e21f351c1909342` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < d5ec1d79509b3ee01de02c236f096bc050221b7f` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 02d16046cd11a5c037b28c12ffb818c56dd3ef43` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 2fc9feff45d92a92cd5f96487655d5be23fb7e2b`
Linux	Linux	affected `5.15` unaffected `0 - < 5.15` unaffected `6.1.159 - <= 6.1.` unaffected `6.6.119 - <= 6.6.` unaffected `6.12.28 - <= 6.12.*` +2 more versions

References

https://git.kernel.org/stable/c/931dc8a3670f71c45c0b1379ea4e92dafbda1aca

https://git.kernel.org/stable/c/70ad6455139e26e85f48f95d0e21f351c1909342

https://git.kernel.org/stable/c/d5ec1d79509b3ee01de02c236f096bc050221b7f

https://git.kernel.org/stable/c/02d16046cd11a5c037b28c12ffb818c56dd3ef43

https://git.kernel.org/stable/c/2fc9feff45d92a92cd5f96487655d5be23fb7e2b

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-37899

Description

Affected Products

References