Linux Kernel ksmbd destroy_previous_session Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of the Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the destroyprevioussession function. The issue results from the lack of...

CVE-2025-37778 ksmbd: Fix dangling pointer in krb_authenticate

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krbauthenticate krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to reinitialise sess-user but that function may return without doing so. If that...

CVE-2025-22037

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in allocpreauthhash The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn-preauthinfo is not...

CVE-2025-21660

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbdvfskernpathlocked When ksmbdvfskernpathlocked met an error and it is not the last entry, it will exit without restoring changed path buffer. But later this buffer may be used as the...

CVE-2024-57925 ksmbd: fix a missing return value check bug

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2sendinterimresp, if ksmbdallocworkstruct fails to allocate a node, it returns a NULL pointer to the inwork pointer. This can lead to an illegal memory write of...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory reuse after release issue in ksmbdtcpnewconnection...