Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-21945
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-01 Apr, 2025 | 15:41
Updated At-04 May, 2025 | 07:25
Rejected At-
▼CVE Numbering Authority (CNA)
ksmbd: fix use-after-free in smb2_lock

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2_lock If smb_lock->zero_len has value, ->llist of smb_lock is not delete and flock is old one. It will cause use-after-free on error handling routine.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • fs/smb/server/smb2pdu.c
Default Status
unaffected
Versions
Affected
  • From 0626e6641f6b467447c81dd7678a69c66f7746cf before 410ce35a2ed6d0e114132bba29af49b69880c8c7 (git)
  • From 0626e6641f6b467447c81dd7678a69c66f7746cf before 8573571060ca466cbef2c6f03306b2cc7b883506 (git)
  • From 0626e6641f6b467447c81dd7678a69c66f7746cf before a0609097fd10d618aed4864038393dd75131289e (git)
  • From 0626e6641f6b467447c81dd7678a69c66f7746cf before 636e021646cf9b52ddfea7c809b018e91f2188cb (git)
  • From 0626e6641f6b467447c81dd7678a69c66f7746cf before 84d2d1641b71dec326e8736a749b7ee76a9599fc (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • fs/smb/server/smb2pdu.c
Default Status
affected
Versions
Affected
  • 5.15
Unaffected
  • From 0 before 5.15 (semver)
  • From 6.1.131 through 6.1.* (semver)
  • From 6.6.83 through 6.6.* (semver)
  • From 6.12.19 through 6.12.* (semver)
  • From 6.13.7 through 6.13.* (semver)
  • From 6.14 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/410ce35a2ed6d0e114132bba29af49b69880c8c7
N/A
https://git.kernel.org/stable/c/8573571060ca466cbef2c6f03306b2cc7b883506
N/A
https://git.kernel.org/stable/c/a0609097fd10d618aed4864038393dd75131289e
N/A
https://git.kernel.org/stable/c/636e021646cf9b52ddfea7c809b018e91f2188cb
N/A
https://git.kernel.org/stable/c/84d2d1641b71dec326e8736a749b7ee76a9599fc
N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found