VYPR
High severity8.8NVD Advisory· Published Apr 16, 2025· Updated Apr 6, 2026

CVE-2025-22040

CVE-2025-22040

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix session use-after-free in multichannel connection

There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connection is added to channel list of session. This patch check reference count of session before freeing it.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel2 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.15,<6.1.134
    • (no CPE)

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.