CVE-2025-21955

high

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent connection release during oplock break notification ksmbd_work could be freed when after connection release. Increment r_count of ksmbd_conn to indicate that requests are not finished yet and to not release the connection.

References

https://git.kernel.org/stable/c/f17d1c63a76b0fe8e9c78023a86507a3a6d62cfa

https://git.kernel.org/stable/c/a4261bbc33fbf99b99c80aa3a2c5097611802980

https://git.kernel.org/stable/c/3aa660c059240e0c795217182cf7df32909dd917

https://git.kernel.org/stable/c/09aeab68033161cb54f194da93e51a11aee6144b

Details

Source: Mitre, NVD

Published: 2025-04-01

Updated: 2025-04-01

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018