Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp return error, use-after-free can happen by accessing opinfo->state and opinfo_put and ksmbd_fd_put could called twice.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.15, < 6.1.146 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/50f930db22365738d9387c974416f38a06e8057ePatch
- https://git.kernel.org/stable/c/8106adc21a2270c16abf69cd74ccd7c79c6e7acdPatch
- https://git.kernel.org/stable/c/815f1161d6dbc4c54ccf94b7d3fdeab34b4d7477Patch
- https://git.kernel.org/stable/c/97c355989928a5f60b228ef5266c1be67a46cdf9Patch
- https://git.kernel.org/stable/c/e38ec88a2b42c494601b1213816d75f0b54d9bf0Patch
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlThird Party Advisory
FAQ
What is CVE-2025-38437?
CVE-2025-38437 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp return error, use-after-free can happen by acce...
How severe is CVE-2025-38437?
CVE-2025-38437 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-38437?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.