Linux Kernel ksmbd Component Use-After-Free Vulnerability in Multichannel Mode

Vulnerability

A use-after-free vulnerability has been identified in the ksmbd component of the Linux kernel, specifically in multichannel mode. The issue arises in the session_deregister function when the second channel establishes a session through the connection of the first channel. This can lead to a situation where a session that has been freed and is no longer valid can still be accessed via the connection's session table.

Impact

Exploitation of this vulnerability can lead to memory corruption issues, allowing for potential arbitrary code execution or causing a denial-of-service condition by crashing the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ksmbd Component Use-After-Free Vulnerability in Multichannel Mode

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating