In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in _smb2leasebreaknoti() Move tcptransport free to ksmbdconnfree. If ksmbd connection is referenced when ksmbd server thread terminates, It will not be freed, but conn->tcptransport is freed. _smb2leasebreaknoti can be performed asynchronously when the connection is disconnected. _smb2leasebreaknoti calls ksmbdconnwrite, which can cause use-after-free when conn->ksmbd_transport is already freed.