CVE-2025-37777

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue has been resolved in the Linux kernel, specifically in the ksmbd component. The problem occurs when the ksmbd connection is referenced after the ksmbd server thread terminates, causing the conn->tcp transport to be freed prematurely. The smb2 lease break noti function can be executed asynchronously when a connection is disconnected, leading to a use-after-free error when conn->ksmbd transport is accessed after being freed. This issue is related to the ksmbd conn write function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-119

Related Identifiers

BDU:2026-02234

CVE-2025-37777

ECHO-D43B-2AA6-0475

OESA-2026-1228

OESA-2026-1229

USN-7594-1

USN-7594-2

USN-7594-3

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-37777

Weakness Enumeration

Related Identifiers

Affected Products

References · 1433