CVE-2025-37777
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37777
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37777.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37777
- Downstream
- Published
- 2025-05-01T13:07:15Z
- Modified
- 2025-10-18T00:32:18.575463Z
- Summary
- ksmbd: fix use-after-free in __smb2_lease_break_noti()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free in _smb2leasebreaknoti()
Move tcptransport free to ksmbdconnfree. If ksmbd connection is referenced when ksmbd server thread terminates, It will not be freed, but conn->tcptransport is freed. _smb2leasebreaknoti can be performed asynchronously when the connection is disconnected. _smb2leasebreaknoti calls ksmbdconnwrite, which can cause use-after-free when conn->ksmbd_transport is already freed.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e
- https://git.kernel.org/stable/c/1da8bd9a10ecd718692732294d15fd801c0eabb5
- https://git.kernel.org/stable/c/21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de
- https://git.kernel.org/stable/c/e59796fc80603bcd8569d4d2e10b213c1918edb4
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0626e6641f6b467447c81dd7678a69c66f7746cfFixed1da8bd9a10ecd718692732294d15fd801c0eabb5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0626e6641f6b467447c81dd7678a69c66f7746cfFixed1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0626e6641f6b467447c81dd7678a69c66f7746cfFixede59796fc80603bcd8569d4d2e10b213c1918edb4
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0626e6641f6b467447c81dd7678a69c66f7746cfFixed21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de
Affected versions
v5.*
v5.13
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.15-rc1
v6.15-rc2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.100
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.9
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.6.95
v6.6.96
v6.6.97
v6.6.98
v6.6.99
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"id": "CVE-2025-37777-07be2382",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1da8bd9a10ecd718692732294d15fd801c0eabb5",
"signature_version": "v1",
"digest": {
"line_hashes": [
"244925380390686959413247943589942750751",
"198340796978680494857142620149331406034",
"128252697366015595022104555781508470784",
"43531944962714734602754602338587539472",
"274926062591264905708396531017642612846",
"2233985945407496028077740120732971801",
"340194260114015011096242397000360909472",
"134057242152369155169905803097317305544",
"117301860290254755777703975818493988619",
"298151407874447256370396348819249069176",
"124026478643071365450243622137513655359",
"225731167046724467884826941214687076670"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-09951281",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "fs/smb/server/connection.c",
"function": "ksmbd_conn_free"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e",
"signature_version": "v1",
"digest": {
"length": 304.0,
"function_hash": "309088615194714782228226031824775298850"
}
},
{
"id": "CVE-2025-37777-0bd87101",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "fs/smb/server/connection.c",
"function": "ksmbd_conn_free"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e59796fc80603bcd8569d4d2e10b213c1918edb4",
"signature_version": "v1",
"digest": {
"length": 304.0,
"function_hash": "309088615194714782228226031824775298850"
}
},
{
"id": "CVE-2025-37777-21358e1a",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/connection.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1da8bd9a10ecd718692732294d15fd801c0eabb5",
"signature_version": "v1",
"digest": {
"line_hashes": [
"16876576300729674759621726220426369148",
"321099642552372706716234098530518454568",
"132778047070297345343291286609239496274",
"19566115157695354226494426399436309776",
"123975729704835199244622829468859828955"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-214ac973",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.c",
"function": "free_transport"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1da8bd9a10ecd718692732294d15fd801c0eabb5",
"signature_version": "v1",
"digest": {
"length": 227.0,
"function_hash": "81037675617900602579610053952540704620"
}
},
{
"id": "CVE-2025-37777-2a4b1c5d",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "fs/smb/server/connection.c",
"function": "ksmbd_conn_free"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1da8bd9a10ecd718692732294d15fd801c0eabb5",
"signature_version": "v1",
"digest": {
"length": 304.0,
"function_hash": "309088615194714782228226031824775298850"
}
},
{
"id": "CVE-2025-37777-34fa6b14",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/connection.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de",
"signature_version": "v1",
"digest": {
"line_hashes": [
"16876576300729674759621726220426369148",
"321099642552372706716234098530518454568",
"132778047070297345343291286609239496274",
"19566115157695354226494426399436309776",
"123975729704835199244622829468859828955"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-417cb9a8",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e",
"signature_version": "v1",
"digest": {
"line_hashes": [
"20526967447215025286069267179621553226",
"190379167096435062449014731986763115601",
"45387949899205224303742145506758353419"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-53683021",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de",
"signature_version": "v1",
"digest": {
"line_hashes": [
"244925380390686959413247943589942750751",
"198340796978680494857142620149331406034",
"128252697366015595022104555781508470784",
"43531944962714734602754602338587539472",
"274926062591264905708396531017642612846",
"2233985945407496028077740120732971801",
"340194260114015011096242397000360909472",
"134057242152369155169905803097317305544",
"117301860290254755777703975818493988619",
"298151407874447256370396348819249069176",
"124026478643071365450243622137513655359",
"225731167046724467884826941214687076670"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-6732addb",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e",
"signature_version": "v1",
"digest": {
"line_hashes": [
"244925380390686959413247943589942750751",
"198340796978680494857142620149331406034",
"128252697366015595022104555781508470784",
"43531944962714734602754602338587539472",
"274926062591264905708396531017642612846",
"2233985945407496028077740120732971801",
"340194260114015011096242397000360909472",
"134057242152369155169905803097317305544",
"117301860290254755777703975818493988619",
"298151407874447256370396348819249069176",
"124026478643071365450243622137513655359",
"225731167046724467884826941214687076670"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-676625c6",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "fs/smb/server/connection.c",
"function": "ksmbd_conn_free"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de",
"signature_version": "v1",
"digest": {
"length": 304.0,
"function_hash": "309088615194714782228226031824775298850"
}
},
{
"id": "CVE-2025-37777-7220a412",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e59796fc80603bcd8569d4d2e10b213c1918edb4",
"signature_version": "v1",
"digest": {
"line_hashes": [
"244925380390686959413247943589942750751",
"198340796978680494857142620149331406034",
"128252697366015595022104555781508470784",
"43531944962714734602754602338587539472",
"274926062591264905708396531017642612846",
"2233985945407496028077740120732971801",
"340194260114015011096242397000360909472",
"134057242152369155169905803097317305544",
"117301860290254755777703975818493988619",
"298151407874447256370396348819249069176",
"124026478643071365450243622137513655359",
"225731167046724467884826941214687076670"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-769d4fb9",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/connection.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e",
"signature_version": "v1",
"digest": {
"line_hashes": [
"16876576300729674759621726220426369148",
"321099642552372706716234098530518454568",
"132778047070297345343291286609239496274",
"19566115157695354226494426399436309776",
"123975729704835199244622829468859828955"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-8de09f9e",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.c",
"function": "free_transport"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e59796fc80603bcd8569d4d2e10b213c1918edb4",
"signature_version": "v1",
"digest": {
"length": 227.0,
"function_hash": "81037675617900602579610053952540704620"
}
},
{
"id": "CVE-2025-37777-a5aa25e0",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.c",
"function": "free_transport"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e",
"signature_version": "v1",
"digest": {
"length": 227.0,
"function_hash": "81037675617900602579610053952540704620"
}
},
{
"id": "CVE-2025-37777-ad5d4fdf",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e59796fc80603bcd8569d4d2e10b213c1918edb4",
"signature_version": "v1",
"digest": {
"line_hashes": [
"20526967447215025286069267179621553226",
"190379167096435062449014731986763115601",
"45387949899205224303742145506758353419"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-b2076a69",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1da8bd9a10ecd718692732294d15fd801c0eabb5",
"signature_version": "v1",
"digest": {
"line_hashes": [
"70474968356886446079720425332651683744",
"319077194458925099733333092614767952770"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-c06b8b86",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de",
"signature_version": "v1",
"digest": {
"line_hashes": [
"20526967447215025286069267179621553226",
"190379167096435062449014731986763115601",
"45387949899205224303742145506758353419"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-f4209085",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "fs/smb/server/connection.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e59796fc80603bcd8569d4d2e10b213c1918edb4",
"signature_version": "v1",
"digest": {
"line_hashes": [
"16876576300729674759621726220426369148",
"321099642552372706716234098530518454568",
"132778047070297345343291286609239496274",
"19566115157695354226494426399436309776",
"123975729704835199244622829468859828955"
],
"threshold": 0.9
}
},
{
"id": "CVE-2025-37777-fa17fe77",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "fs/smb/server/transport_tcp.c",
"function": "free_transport"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de",
"signature_version": "v1",
"digest": {
"length": 227.0,
"function_hash": "81037675617900602579610053952540704620"
}
}
]