CVE-2025-22041

In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. session that is freed through the global session table can be accessed again through ->sessions of connection.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22041.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0626e6641f6b467447c81dd7678a69c66f7746cf

Fixed

f0eb3f575138b816da74697bd506682574742fcd

Fixed

a8a8ae303a8395cbac270b5b404d85df6ec788f8

Fixed

ca042cc0e4f9e0d2c8f86dd67e4b22f30a516a9b

Fixed

8ed0e9d2f410f63525afb8351181eea36c80bcf1

Fixed

33cc29e221df7a3085ae413e8c26c4e81a151153

Fixed

15a9605f8d69dc85005b1a00c31a050b8625e1aa

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22041.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.0

Fixed

6.1.134

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.87

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.23

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.11

Type: ECOSYSTEM
Events: Introduced

6.14.0

Fixed

6.14.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22041.json"