PT-2025-14328 · Linux+7 · Linux Kernel+7

Published

2025-02-21

Updated

2026-05-26

CVE-2025-21947

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a type confusion vulnerability via a race condition when using ipc msg send request in the ksmbd component. This occurs because req->handle is allocated using ksmbd acquire id(&ipc ida), which is based on ida alloc. The req->handle from ksmbd ipc login request and FSCTL PIPE TRANSCEIVE ioctl can be the same, leading to type confusion between messages. As a result, this can cause access to unexpected parts of memory after an incorrect delivery. The ksmbd check does verify the type of ipc response but fails to continue checking the next ipc response.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2025-12647

ALT-PU-2025-5786

AZL-59760

AZL-59862

BDU:2025-04648

CVE-2025-21947

DLA-4193-1

DSA-5900-1

ECHO-BBB3-B2C5-567E

OESA-2025-2120

OESA-2025-2121

USN-7605-1

USN-7605-2

USN-7606-1

USN-7628-1

USN-7764-1

USN-7764-2

USN-7765-1

USN-7766-1

USN-7767-1

USN-7767-2

USN-7779-1

USN-7790-1

USN-7800-1

USN-7801-1

USN-7801-2

USN-7801-3

USN-7802-1

USN-7809-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Ubuntu

Ksmbd

PT-2025-14328 · Linux+7 · Linux Kernel+7

CVE-2025-21947

Weakness Enumeration

Related Identifiers

Affected Products

References · 356