CVE-2025-22041

Source
https://cve.org/CVERecord?id=CVE-2025-22041
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22041.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22041
Published
2025-04-16T14:11:58.250Z
Modified
2026-03-20T12:41:17.696903Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in ksmbd_sessions_deregister()

In multichannel mode, a UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. A session that is freed through the global session table can be accessed again through ->sessions of the connection.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22041.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0626e6641f6b467447c81dd7678a69c66f7746cf
Fixed
f0eb3f575138b816da74697bd506682574742fcd
Fixed
a8a8ae303a8395cbac270b5b404d85df6ec788f8
Fixed
ca042cc0e4f9e0d2c8f86dd67e4b22f30a516a9b
Fixed
8ed0e9d2f410f63525afb8351181eea36c80bcf1
Fixed
33cc29e221df7a3085ae413e8c26c4e81a151153
Fixed
15a9605f8d69dc85005b1a00c31a050b8625e1aa

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22041.json"