QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-71150

Back to search

CVE-2025-71150

Published: Jan 23, 2026

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2_SESSION_VALID, It indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. This patch fixes the issue by explicitly calling ksmbd_user_session_put to release the reference to the session.

VendorProductVersions

Linux

Linux

affected
2107ab40629aeabbec369cf34b8cf0f288c3eb1b - < 11fe566b442e3bc2774191740fd377739a87a1c0
affected
37a0e2b362b3150317fb6e2139de67b1e29ae5ff - < 0fb87b28cafae71e9c8248432cc3a6a1fd759efc
affected
450a844c045ff0895d41b05a1cbe8febd1acfcfd - < e54fb2a4772545701766cba08aab20de5eace8cd
affected
a39e31e22a535d47b14656a7d6a893c7f6cf758c - < 02e06785e85b4bd86ef3d23b7c8d87acc76773d5
affected
b95629435b84b9ecc0c765995204a4d8a913ed52 - < 8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7

+5 more versions

Linux

Linux

affected
6.13
unaffected
0 - < 6.13
unaffected
5.15.203 - <= 5.15.*
unaffected
6.1.160 - <= 6.1.*
unaffected
6.6.120 - <= 6.6.*

+3 more versions

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now