CVE-2025-22074

rcount is only increased when there is an oplock break wait, so rcount inc/decrement are not paired. This can cause r_count to become negative, which can lead to a problem where the ksmbd thread does not terminate.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22074.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

09aeab68033161cb54f194da93e51a11aee6144b

Fixed

4790bcb269e5d6d88200a67c54ae6d627332a3be

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a4261bbc33fbf99b99c80aa3a2c5097611802980

Fixed

457db486203c90e10c3efc87fd45cc7000b1cd36

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f17d1c63a76b0fe8e9c78023a86507a3a6d62cfa

Fixed

20378cf48359f39dee0ef9b61470ebe77bd49c0d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3aa660c059240e0c795217182cf7df32909dd917

Fixed

c2ec33d46b4d1c8085dab5d02e00b21f4f0fb8a9

Fixed

ddb7ea36ba7129c2ed107e2186591128618864e1

Affected versions

v6.*

v6.12.20

v6.12.21

v6.12.22

v6.13.10

v6.13.8

v6.13.9

v6.14

v6.14-rc7

v6.14.1

v6.6.84

v6.6.85

v6.6.86

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22074.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.87

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.23

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.11

Type: ECOSYSTEM
Events: Introduced

6.14.0

Fixed

6.14.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22074.json"