CVE-2025-37899Use After Free in Linux

CWE-416Use After Free45 documents10 sources
Severity
7.8HIGHNVD
OSV5.5OSV3.2
EPSS
0.1%
top 82.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
LinuxLinux KernelDebian Linux+5 more
Timeline
PublishedMay 20
Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

NVDlinux/linux_kernel5.156.12.28+2
Debianlinux/linux_kernel< 6.1.159-1+2
Ubuntulinux/linux_kernel< 6.8.0-101.101+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

20
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-24
OSV
linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities2026-03-10
OSV
linux-aws-fips vulnerabilities2026-03-04

📋Vendor Advisories

19
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-24
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-03-10
Ubuntu
Linux kernel (AWS FIPS) vulnerabilities2026-03-04

🕵️Threat Intelligence

4
Huntress
The Evolving Linux Threat Landscape2026-03-03
Huntress
AI: Friend or Faux in Cybersecurity? Huntress Tradecraft Tuesday2025-06-30
Huntress
The Evolving Linux Threat Landscape | Huntress
Huntress
AI: Friend or Faux in Cybersecurity? Huntress Tradecraft Tuesday | Huntress

📄Research Papers

1
arXiv
On the Surprising Efficacy of LLMs for Penetration-Testing2025-07-01
CVE-2025-37899 — Use After Free in Linux | cvebase