CVE-2025-38437

ksmbd: fix potential use-after-free in oplock/lease break ack

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp return error, use-after-free can happen by
accessing opinfo->state and opinfo_put and ksmbd_fd_put could
called twice.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corrige el uso potencial use-after-free en el acuse de recibo de interrupción de oplock/lease Si ksmbd_iov_pin_rsp devuelve un error, el use-after-free puede ocurrir al acceder a opinfo->state y opinfo_put y ksmbd_fd_put podrían ser llamados dos veces.

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp return error, use-after-free can happen by accessing opinfo->state and opinfo_put and ksmbd_fd_put could called twice.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.41-1.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-25 CVE Published
2025-07-29 CVE Updated
2025-08-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e38ec88a2b42c494601b1213816d75f0b54d9bf0	2025-07-17
https://git.kernel.org/stable/c/97c355989928a5f60b228ef5266c1be67a46cdf9	2025-07-17
https://git.kernel.org/stable/c/815f1161d6dbc4c54ccf94b7d3fdeab34b4d7477	2025-07-17
https://git.kernel.org/stable/c/8106adc21a2270c16abf69cd74ccd7c79c6e7acd	2025-07-17
https://git.kernel.org/stable/c/50f930db22365738d9387c974416f38a06e8057e	2025-07-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.1.146 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.146"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.6.99 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6.99"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.12.39 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.12.39"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.15.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.15.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.16"		en		Affected