ROS-20260403-73-0002

A vulnerability in the smb2sesssetup function of the fs/smb/server/smb2pdu.c module of the ksmbd component of the Linux operating system kernel is related to the ability to use memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

SUSE CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2sesssetup Reference count of ksmbdsession will leak when session need reconnect. Fix this by adding the missing ksmbdusersessionput...

CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2sesssetup Reference count of ksmbdsession will leak when session need reconnect. Fix this by adding the missing ksmbdusersessionput...

CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2sesssetup Reference count of ksmbdsession will leak when session need reconnect. Fix this by adding the missing ksmbdusersessionput...

VulnCheck KEV: CVE-2025-37899

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess-user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for...

CVE-2023-3867 ksmbd: fix out of bounds read in smb2_sess_setup

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2sesssetup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first...

Linux Distros Unpatched Vulnerability : CVE-2025-37778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: Fix dangling pointer in krbauthenticate krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to...

PT-2025-18459

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A dangling pointer issue in the krb authenticate function has been identified. The krb authenticate function frees sess-user but does not set the pointer to NULL. It then calls ksmbd krb...

SUSE CVE-2023-3867

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2sesssetup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first...

PT-2024-2003 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel ksmbd affected versions not specified Description: The issue is related to the incorrect handling of authentication tokens in the smb2 sess setup function within the Linux kernel's ksmbd server. This can potentially allow an...

UBUNTU-CVE-2023-3867

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2sesssetup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first...

AZL-27762 CVE-2023-32257 affecting package kernel for versions less than 5.15.135.1-2

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage th...

CVE-2023-32247

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2SESSIONSETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a...

CVE-2023-32257

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage th...

AZL-27401 CVE-2023-32250 affecting package kernel for versions less than 5.15.118.1-1

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...

Linux Kernel ksmbd Session Setup Memory Leak Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of...

PT-2023-2822 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to incorrect resource release in the ksmbd module of the Linux kernel, which can be exploited by a remote attacker to cause a denial-of-service using the SMB2...