Linux Kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A remote code execution vulnerability has been identified in the Linux kernel's ksmbd component, specifically within the session setup process. The issue arises from improper locking during session lookup, which creates a race condition that an attacker can exploit to execute arbitrary code in the context of the kernel. Systems with ksmbd enabled are affected, and exploitation does not require authentication.
Exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system with kernel-level privileges.
Linux has released a patch for this vulnerability. Details about the patch can be found in the Linux kernel's stable queue repository.
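To find hosts that meet the "ksmbd enabled" condition described above, the following added example (not code from the advisory or from the kernel project) classifies a host from its module list, kernel config and TCP listener tables. The function names and the three state labels are assumptions made for this illustration, and the file paths are parameters so the same checks can run on copies collected from other machines.

```shell
#!/bin/sh
# Added example: classify ksmbd exposure from procfs-format data.
# Paths are parameters so the checks also run on captured copies of the files.

# True if a /proc/modules-format file lists the ksmbd module.
ksmbd_loaded() {
    awk '$1 == "ksmbd" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# True if a kernel config file builds ksmbd in (CONFIG_SMB_SERVER=y);
# built-in code never appears in /proc/modules.
ksmbd_builtin() {
    grep -q '^CONFIG_SMB_SERVER=y$' "$1" 2>/dev/null
}

# True if any /proc/net/tcp-format file given has a LISTEN socket (state 0A)
# on TCP port 445 (hex 01BD), the SMB port. Header lines never match "0A".
smb_listening() {
    cat "$@" 2>/dev/null | awk '$4 == "0A" {
            n = split($2, a, ":")
            if (toupper(a[n]) == "01BD") found = 1
        }
        END { exit !found }'
}

# Usage: ksmbd_exposure [MODULES [CONFIG [TCP_TABLE...]]]
# Prints one of: absent | present-not-listening | present-listening
ksmbd_exposure() {
    modules=${1:-/proc/modules}
    config=${2:-/boot/config-$(uname -r)}
    # Default to both tables: a dual-stack listener is listed only in tcp6.
    if [ $# -gt 2 ]; then shift 2; else set -- /proc/net/tcp /proc/net/tcp6; fi
    if ! ksmbd_loaded "$modules" && ! ksmbd_builtin "$config"; then
        echo absent
    elif smb_listening "$@"; then
        # A user-space SMB server can also own port 445: confirm the owner.
        echo present-listening
    else
        echo present-not-listening
    fi
}

# Check the live host only when asked: sh ksmbd_check.sh --live
if [ "${1:-}" = "--live" ]; then
    ksmbd_exposure
fi
```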