CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2025-37926: ksmbd: fix use-after-free in ksmbd_session_rpc_open
Description
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free in ksmbd_session_rpc_open
A UAF issue can occur due to a race condition between
ksmbd_session_rpc_open() and __session_rpc_close().
Add rpc_lock to the session to protect it.
Classification
CVE ID: CVE-2025-37926
Affected Products
Vendor: Linux
Product: Linux
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 4.26% (scored less or equal to compared to others)
EPSS Date: 2025-06-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-37926https://git.kernel.org/stable/c/8fb3b6c85b7e3127161623586b62abcc366caa20
https://git.kernel.org/stable/c/6323fec65fe54b365961fed260dd579191e46121
https://git.kernel.org/stable/c/a1f46c99d9ea411f9bf30025b912d881d36fc709