CVE-2025-21945
- Source
- https://cve.org/CVERecord?id=CVE-2025-21945
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21945.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21945
- Downstream
- Published
- 2025-04-01T15:41:08.471Z
- Modified
- 2026-05-07T04:15:57.132015Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- ksmbd: fix use-after-free in smb2_lock
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free in smb2_lock
If smblock->zerolen has value, ->llist of smb_lock is not delete and flock is old one. It will cause use-after-free on error handling routine.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21945.json" }- References
-
- https://git.kernel.org/stable/c/410ce35a2ed6d0e114132bba29af49b69880c8c7
- https://git.kernel.org/stable/c/636e021646cf9b52ddfea7c809b018e91f2188cb
- https://git.kernel.org/stable/c/84d2d1641b71dec326e8736a749b7ee76a9599fc
- https://git.kernel.org/stable/c/8573571060ca466cbef2c6f03306b2cc7b883506
- https://git.kernel.org/stable/c/a0609097fd10d618aed4864038393dd75131289e
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21945.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-21945
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0626e6641f6b467447c81dd7678a69c66f7746cfFixed410ce35a2ed6d0e114132bba29af49b69880c8c7Fixed8573571060ca466cbef2c6f03306b2cc7b883506Fixeda0609097fd10d618aed4864038393dd75131289eFixed636e021646cf9b52ddfea7c809b018e91f2188cbFixed84d2d1641b71dec326e8736a749b7ee76a9599fc