Main Vulnerability Database SB2025020377

SB2025020377 - Double free in Linux kernel smb client

Published: February 3, 2025

Security Bulletin ID SB2025020377

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Double free (CVE-ID: CVE-2025-21673)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the clean_demultiplex_info() and cifs_put_tcp_session() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/1ea68070338518a1d31ce71e6abfe1b30001b27a
https://git.kernel.org/stable/c/a2be5f2ba34d0c6d5ef2624b24e3d852561fcd6a
https://git.kernel.org/stable/c/fa2f9906a7b333ba757a7dbae0713d8a5396186e