CVE-2025-37777

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-37777

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37777.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-37777

Downstream

BELL-CVE-2025-37777

DEBIAN-CVE-2025-37777

ECHO-d43b-2aa6-0475

UBUNTU-CVE-2025-37777

USN-7594-1

USN-7594-2

USN-7594-3

Published

2025-05-01T14:15:41Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in _smb2leasebreaknoti()

Move tcptransport free to ksmbdconnfree. If ksmbd connection is referenced when ksmbd server thread terminates, It will not be freed, but conn->tcptransport is freed. _smb2leasebreaknoti can be performed asynchronously when the connection is disconnected. _smb2leasebreaknoti calls ksmbdconnwrite, which can cause use-after-free when conn->ksmbd_transport is already freed.

References

Affected packages