Linux · Linux Kernel · CVE-2023-52480
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue is a race condition between session lookup and session expiry in the ksmbd component of the Linux kernel. It can lead to a use-after-free (UAF) condition, potentially allowing an attacker to elevate their privileges. The `ksmbd_session_lookup` and `ksmbd_expire_session` functions access the same session data without proper synchronization, so a session can be freed while it is still being accessed: one thread obtains the session with `xa_load` while another removes it with `xa_erase` and calls `ksmbd_session_destroy`, which frees it with `kfree(sess)`, leaving the first thread with a dangling pointer. The patch adds a rwsem to fix the race condition.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.