AZL-78425

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78425.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-78425

Upstream

CVE-2025-71150

Published

2026-01-23T15:16:05Z

Modified

2026-04-01T05:23:14.552356Z

Summary

CVE-2025-71150 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Fix refcount leak when invalid session is found on session lookup

When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. This patch fixes the issue by explicitly calling ksmbdusersession_put to release the reference to the session.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-71150

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78425.json"