CVE-2025-71150

When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. This patch fixes the issue by explicitly calling ksmbdusersession_put to release the reference to the session.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71150.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2107ab40629aeabbec369cf34b8cf0f288c3eb1b

Fixed

11fe566b442e3bc2774191740fd377739a87a1c0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

37a0e2b362b3150317fb6e2139de67b1e29ae5ff

Fixed

0fb87b28cafae71e9c8248432cc3a6a1fd759efc

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

450a844c045ff0895d41b05a1cbe8febd1acfcfd

Fixed

e54fb2a4772545701766cba08aab20de5eace8cd

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a39e31e22a535d47b14656a7d6a893c7f6cf758c

Fixed

02e06785e85b4bd86ef3d23b7c8d87acc76773d5

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b95629435b84b9ecc0c765995204a4d8a913ed52

Fixed

8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7

Fixed

cafb57f7bdd57abba87725eb4e82bbdca4959644

Affected versions

v5.*

v5.15.176

v5.15.177

v5.15.178

v5.15.179

v5.15.180

v5.15.181

v5.15.182

v5.15.183

v5.15.184

v5.15.185

v5.15.186

v5.15.187

v5.15.188

v5.15.189

v5.15.190

v5.15.191

v5.15.192

v5.15.193

v5.15.194

v5.15.195

v5.15.196

v5.15.197

v5.15.198

v5.15.199

v5.15.200

v5.15.201

v5.15.202

v6.*

v6.1.121

v6.1.122

v6.1.123

v6.1.124

v6.1.125

v6.1.126

v6.1.127

v6.1.128

v6.1.129

v6.1.130

v6.1.131

v6.1.132

v6.1.133

v6.1.134

v6.1.135

v6.1.136

v6.1.137

v6.1.138

v6.1.139

v6.1.140

v6.1.141

v6.1.142

v6.1.143

v6.1.144

v6.1.145

v6.1.146

v6.1.147

v6.1.148

v6.1.149

v6.1.150

v6.1.151

v6.1.152

v6.1.153

v6.1.154

v6.1.155

v6.1.156

v6.1.157

v6.1.158

v6.1.159

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.36

v6.12.37

v6.12.38

v6.12.39

v6.12.40

v6.12.41

v6.12.42

v6.12.43

v6.12.44

v6.12.45

v6.12.46

v6.12.47

v6.12.48

v6.12.49

v6.12.50

v6.12.51

v6.12.52

v6.12.53

v6.12.54

v6.12.55

v6.12.56

v6.12.57

v6.12.58

v6.12.59

v6.12.6

v6.12.60

v6.12.61

v6.12.62

v6.12.63

v6.12.7

v6.12.8

v6.12.9

v6.6.100

v6.6.101

v6.6.102

v6.6.103

v6.6.104

v6.6.105

v6.6.106

v6.6.107

v6.6.108

v6.6.109

v6.6.110

v6.6.111

v6.6.112

v6.6.113

v6.6.114

v6.6.115

v6.6.116

v6.6.117

v6.6.118

v6.6.119

v6.6.67

v6.6.68

v6.6.69

v6.6.70

v6.6.71

v6.6.72

v6.6.73

v6.6.74

v6.6.75

v6.6.76

v6.6.77

v6.6.78

v6.6.79

v6.6.80

v6.6.81

v6.6.82

v6.6.83

v6.6.84

v6.6.85

v6.6.86

v6.6.87

v6.6.88

v6.6.89

v6.6.90

v6.6.91

v6.6.92

v6.6.93

v6.6.94

v6.6.95

v6.6.96

v6.6.97

v6.6.98

v6.6.99

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71150.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.203

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.160

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.120

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.64

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71150.json"