Use-after-free in Linux kernel smb server



| Updated: 2025-05-11
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2025-21945
CWE-ID CWE-416
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use-after-free

EUVDB-ID: #VU106621

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21945

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the list_del() function in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.12 - 6.12.18

CPE2.3 External links

https://git.kernel.org/stable/c/410ce35a2ed6d0e114132bba29af49b69880c8c7
https://git.kernel.org/stable/c/636e021646cf9b52ddfea7c809b018e91f2188cb
https://git.kernel.org/stable/c/84d2d1641b71dec326e8736a749b7ee76a9599fc
https://git.kernel.org/stable/c/8573571060ca466cbef2c6f03306b2cc7b883506
https://git.kernel.org/stable/c/a0609097fd10d618aed4864038393dd75131289e
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.19


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###