CVE-2025-71150
Description
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix refcount leak when invalid session is found on session lookup
When a session is found but its state is not SMB2_SESSION_VALID, it indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. This patch fixes the issue by explicitly calling ksmbd_user_session_put to release the reference to the session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's ksmbd, a refcount leak occurs when an invalid session is found during lookup, potentially leading to resource exhaustion.
Vulnerability
Overview
CVE-2025-71150 is a reference count leak vulnerability in the ksmbd subsystem of the Linux kernel. The issue arises during session lookup: when a session is found but its state is not SMB2_SESSION_VALID, the code incorrectly treats this as no valid session being found, but fails to decrement the reference count that was acquired during the lookup. This omission causes a reference count leak, meaning the session object's reference counter is not properly balanced.
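The get/put imbalance described above, shown as an added userspace model (not the kernel's code and not part of the original advisory). Only SMB2_SESSION_VALID is a name from the page; the struct, the table, the not-valid state and every function here are hypothetical stand-ins, with model_session_put playing the role of ksmbd_user_session_put.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only. MODEL_SESSION_NOT_VALID is a hypothetical state. */
enum { MODEL_SESSION_NOT_VALID, SMB2_SESSION_VALID };

struct model_session { unsigned long id; int state; int refcnt; };

/* Constructed sample table: one valid session, one not-valid session. */
static struct model_session table[] = {
    { 1, SMB2_SESSION_VALID, 1 },
    { 2, MODEL_SESSION_NOT_VALID, 1 },
};

/* The lookup takes a reference on every hit, whatever the state. */
static struct model_session *model_lookup(unsigned long id) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].id == id) { table[i].refcnt++; return &table[i]; }
    return NULL;
}
static void model_session_put(struct model_session *s) { s->refcnt--; }

/* Before the fix: a not-valid hit is reported as "not found",
 * but the reference taken by the lookup is never released. */
static struct model_session *lookup_valid_leaky(unsigned long id) {
    struct model_session *s = model_lookup(id);
    if (s && s->state != SMB2_SESSION_VALID)
        s = NULL;
    return s;
}

/* After the fix: release the reference before reporting "not found". */
static struct model_session *lookup_valid_fixed(unsigned long id) {
    struct model_session *s = model_lookup(id);
    if (s && s->state != SMB2_SESSION_VALID) { model_session_put(s); s = NULL; }
    return s;
}

/* Look up the not-valid session n times; return its refcount growth. */
static int leaked_refs(struct model_session *(*lookup)(unsigned long), int n) {
    int before = table[1].refcnt;
    for (int i = 0; i < n; i++) {
        struct model_session *s = lookup(2);
        if (s) model_session_put(s); /* callers release only what they got */
    }
    return table[1].refcnt - before;
}

int main(void) {
    printf("leaky: +%d\n", leaked_refs(lookup_valid_leaky, 1000));
    printf("fixed: +%d\n", leaked_refs(lookup_valid_fixed, 1000));
    return 0;
}
```

Because the caller receives NULL in the leaky path, it has no pointer left to release, so the counter can only grow and the object can never be freed.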
Exploitation
An attacker who can initiate SMB2 session requests to a system running ksmbd could trigger this code path. The attack requires the ability to cause a session lookup that returns a session in an invalid state. No special privileges beyond network access to the SMB service are needed. The vulnerability is in the session lookup logic, which is reachable from unauthenticated or partially authenticated states.
Impact
Repeatedly triggering this leak could exhaust kernel memory or other resources tied to the session objects, potentially leading to a denial-of-service (DoS) condition. The CVSS v3 base score of 5.5 (Medium) reflects the availability impact, though the attack complexity is low and no authentication is required.
Mitigation
The fix, which adds an explicit call to ksmbd_user_session_put to release the reference, has been applied to the Linux kernel stable tree. Patches are available in commits [1], [2], [3], and [4]. Users should update their kernel to include the fix. No workaround is documented.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=5.15.176,<5.16)
- cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
- (no CPE)
References
- git.kernel.org/stable/c/02e06785e85b4bd86ef3d23b7c8d87acc76773d5 (nvd, Patch)
- git.kernel.org/stable/c/0fb87b28cafae71e9c8248432cc3a6a1fd759efc (nvd, Patch)
- git.kernel.org/stable/c/8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7 (nvd, Patch)
- git.kernel.org/stable/c/cafb57f7bdd57abba87725eb4e82bbdca4959644 (nvd, Patch)
- git.kernel.org/stable/c/e54fb2a4772545701766cba08aab20de5eace8cd (nvd, Patch)
- git.kernel.org/stable/c/11fe566b442e3bc2774191740fd377739a87a1c0 (nvd)