CVE-2025-38437

Sažetak

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp return error, use-after-free can happen by accessing opinfo->state and opinfo_put and ksmbd_fd_put could called twice.

Reference

https://git.kernel.org/stable/c/50f930db22365738d9387c974416f38a06e8057e
https://git.kernel.org/stable/c/8106adc21a2270c16abf69cd74ccd7c79c6e7acd
https://git.kernel.org/stable/c/815f1161d6dbc4c54ccf94b7d3fdeab34b4d7477
https://git.kernel.org/stable/c/97c355989928a5f60b228ef5266c1be67a46cdf9
https://git.kernel.org/stable/c/e38ec88a2b42c494601b1213816d75f0b54d9bf0
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

22-12-2025 - 21:55

Objavljeno

25-07-2025 - 16:15