In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in _smb2leasebreaknoti() Move tcptransport free to ksmbdconnfree. If ksmbd connection is referenced when ksmbd server thread terminates, It will not be freed, but conn->tcptransport is freed. _smb2leasebreaknoti can be performed asynchronously when the connection is disconnected. _smb2leasebreaknoti calls ksmbdconnwrite, which can cause use-after-free when conn->ksmbd_transport is already freed.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1004.4", "binary_name": "linux-buildinfo-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-headers-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-image-unsigned-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-image-unsigned-6.14.0-1004-oem-dbgsym" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-ipu6-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-ipu7-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-iwlwifi-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-usbio-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-modules-vision-6.14.0-1004-oem" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-oem-6.14-headers-6.14.0-1004" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-oem-6.14-tools-6.14.0-1004" }, { "binary_version": "6.14.0-1004.4", "binary_name": "linux-tools-6.14.0-1004-oem" } ] }