CVE-2025-38437

HIGH EPSS 4.6%
Published Jul 25, 202511mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Jul 25, 2025 11mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp return error, use-after-free can happen by accessing opinfo->state and opinfo_put and ksmbd_fd_put could called twice.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥5.15  –  <6.1.146
linuxlinux_kernel*≥6.2  –  <6.6.99
linuxlinux_kernel*≥6.7  –  <6.12.39
linuxlinux_kernel*≥6.13  –  <6.15.7
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
debiandebian_linux11.0any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/50f930db22365738d9387c974416f38a06e8057e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8106adc21a2270c16abf69cd74ccd7c79c6e7acd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/815f1161d6dbc4c54ccf94b7d3fdeab34b4d7477
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/97c355989928a5f60b228ef5266c1be67a46cdf9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e38ec88a2b42c494601b1213816d75f0b54d9bf0
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/50f930db22365738d9387c974416f38a06e8057e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8106adc21a2270c16abf69cd74ccd7c79c6e7acd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/815f1161d6dbc4c54ccf94b7d3fdeab34b4d7477
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/97c355989928a5f60b228ef5266c1be67a46cdf9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e38ec88a2b42c494601b1213816d75f0b54d9bf0
    Patch