Linux Kernel ksmbd Memory Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ksmbd component has been addressed, which involved improper memory management of cryptographic data. The issue arose from using kfree() to deallocate memory allocated by aead_request_alloc(), which could leave sensitive crypto information unprotected before it was freed. The vulnerability has been resolved by changing the deallocation method to aead_request_free(), ensuring that the sensitive data is zeroed out prior to being released.

Impact

The vulnerability could lead to the exposure of sensitive cryptographic data by failing to properly zero out memory before deallocation, potentially allowing for the recovery of this data after it was freed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ksmbd Memory Management Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating