CVE - CVE-2025-37899

CVE-ID
CVE-2025-37899	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/02d16046cd11a5c037b28c12ffb818c56dd3ef43 URL:https://git.kernel.org/stable/c/02d16046cd11a5c037b28c12ffb818c56dd3ef43 MISC:https://git.kernel.org/stable/c/2fc9feff45d92a92cd5f96487655d5be23fb7e2b URL:https://git.kernel.org/stable/c/2fc9feff45d92a92cd5f96487655d5be23fb7e2b MISC:https://git.kernel.org/stable/c/d5ec1d79509b3ee01de02c236f096bc050221b7f URL:https://git.kernel.org/stable/c/d5ec1d79509b3ee01de02c236f096bc050221b7f
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)