CVE-2025-37750Use After Free in Linux

CWE-416Use After FreeCWE-476NULL Pointer Dereference31 documents7 sources
Severity
7.8HIGHNVD
OSV7.1OSV5.9OSV5.5
EPSS
0.1%
top 79.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
LinuxLinux KernelDebian Linux+10 more
Timeline
PublishedMay 1
Latest updateSep 3

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary server") and commit b0abcd65ec54 ("smb: client: fix UAF in async decryption"), the channels started reusing AEAD TFM from primary channel to perform synchronous decryption, but that can't done as there could be multiple cifsd threads (one per channel) simultaneously accessing it to perform decryption.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages15 packages

NVDlinux/linux_kernel5.10.2375.11+7
Debianlinux/linux_kernel< 6.12.25-1+1
Ubuntulinux/linux_kernel< 6.8.0-64.67+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

14
OSV
linux-azure, linux-azure-6.8, linux-azure-nvidia vulnerabilities2025-09-03
OSV
linux-raspi vulnerabilities2025-07-24
OSV
linux-raspi-realtime vulnerabilities2025-07-24
OSV
linux-gcp, linux-gcp-6.8 vulnerabilities2025-07-22
OSV
linux-aws-6.8, linux-gke, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8 vulnerabilities2025-07-22

📋Vendor Advisories

16
Ubuntu
Linux kernel (Azure) vulnerabilities2025-09-03
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-07-24
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-07-24
Ubuntu
Linux kernel (GCP) vulnerabilities2025-07-22
Ubuntu
Linux kernel vulnerabilities2025-07-22