PT-2025-22161 · Linux · Linux Kernel

Published: 2025-04-21 · Updated: 2026-05-26 · CVE-2025-37899

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel
Description: A use-after-free vulnerability exists in the ksmbd module of the Linux kernel, specifically in the smb2_sess_setup function. This flaw could allow a remote attacker to cause a denial of service. The vulnerability was discovered using OpenAI's o3 model, which analyzed the code to identify the issue. The model identified a race condition in the SMB logoff handler that leads to the use-after-free.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: Exploit · LPE · RCE · DoS · Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-06026
CVE-2025-37899
ECHO-1E9D-9C2B-8B11
USN-7649-1
USN-7649-2
USN-7650-1
USN-7665-1
USN-7665-2
USN-7721-1
USN-8059-1
USN-8059-2
USN-8059-3
USN-8059-4
USN-8059-5
USN-8059-6
USN-8059-7
USN-8059-8
USN-8059-9
USN-8125-1
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu