PT-2025-51676 · Linux · Linux Kernel
Published
2025-11-30
·
Updated
2026-05-11
·
CVE-2025-68263
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel's ksmbd module (the in-kernel SMB server, fs/smb/server/transport_ipc.c) contains a use-after-free in ipc_msg_send_request(). The function waits for a generic netlink reply from the userspace daemon using an ipc_msg_table_entry that lives on its own stack. The generic netlink handler, handle_response(), looks the entry up and fills entry->response while holding ipc_msg_table_lock, but ipc_msg_send_request() validated and freed entry->response without taking that lock. If the wait returned (for example on timeout) while a reply was still being copied, ipc_msg_send_request() could validate and free entry->response while handle_response() was still writing into it, producing a slab-use-after-free. The bug was triggered through such an interleaving and reported by KASAN in handle_generic_event(). The fix takes ipc_msg_table_lock in ipc_msg_send_request() while validating entry->response, frees the buffer when it is invalid, and removes the entry from ipc_msg_table, all inside the same critical section; the final entry->response pointer is returned to the caller only after the hash entry has been removed under the lock, so no later reply can reach the stack entry.
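The following is an added user-space model of the locking change described above; it is not ksmbd code. It keeps the kernel's names (ipc_msg_table, ipc_msg_table_lock, handle_response, ipc_msg_send_request) but the table, the reply layout, the validation rule and the copy_in_progress_hook used to force the racy interleaving are simplifications made for the example. The request path takes the write lock before validating, freeing and unlinking, so a reply handler still copying under the read lock finishes first; the comment inside marks where the pre-fix code differed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

struct ipc_resp {            /* reply buffer handed back to the caller (model) */
    int type;                /* valid only if equal to request type + 1 */
    size_t len;
    unsigned char data[];
};

struct ipc_msg_table_entry { /* lives on the requester's stack, as in ksmbd */
    unsigned int handle;
    int type;
    struct ipc_resp *response;
    pthread_cond_t wait;
    struct ipc_msg_table_entry *next;
};

static struct ipc_msg_table_entry *ipc_msg_table;   /* single-bucket "hash table" */
static pthread_rwlock_t ipc_msg_table_lock = PTHREAD_RWLOCK_INITIALIZER;
static pthread_mutex_t wait_mutex = PTHREAD_MUTEX_INITIALIZER;

/* Model-only hook: called after entry->response is published but before the
 * copy finishes, i.e. the window in which the kernel memcpy is still running. */
void (*copy_in_progress_hook)(void);

/* Reply path (netlink receive side): read lock held for the whole copy. */
int handle_response(unsigned int handle, int type, const void *payload, size_t sz)
{
    int ret = -ENOENT;
    pthread_rwlock_rdlock(&ipc_msg_table_lock);
    for (struct ipc_msg_table_entry *e = ipc_msg_table; e; e = e->next) {
        if (e->handle != handle)
            continue;
        struct ipc_resp *r = calloc(1, sizeof *r + sz);
        if (!r) { ret = -ENOMEM; break; }
        pthread_mutex_lock(&wait_mutex);
        e->response = r;                  /* visible before the copy is complete */
        pthread_mutex_unlock(&wait_mutex);
        if (copy_in_progress_hook)
            copy_in_progress_hook();
        memcpy(r->data, payload, sz);
        r->len = sz;
        r->type = type;
        pthread_mutex_lock(&wait_mutex);
        pthread_cond_signal(&e->wait);    /* waiter is woken only after the copy */
        pthread_mutex_unlock(&wait_mutex);
        ret = 0;
        break;
    }
    pthread_rwlock_unlock(&ipc_msg_table_lock);
    return ret;
}

/* Request path, fixed ordering. send_fn stands in for ipc_msg_send(). */
struct ipc_resp *ipc_msg_send_request(unsigned int handle, int type,
                                      void (*send_fn)(unsigned int), unsigned int timeout_ms)
{
    struct ipc_msg_table_entry entry = { .handle = handle, .type = type };
    pthread_cond_init(&entry.wait, NULL);

    pthread_rwlock_wrlock(&ipc_msg_table_lock);      /* hash_add() */
    entry.next = ipc_msg_table;
    ipc_msg_table = &entry;
    pthread_rwlock_unlock(&ipc_msg_table_lock);

    send_fn(handle);

    /* wait_event_interruptible_timeout(): may return (timeout) while a reply
     * is still being copied, with entry.response already non-NULL */
    struct timespec deadline;
    clock_gettime(CLOCK_REALTIME, &deadline);
    deadline.tv_sec += timeout_ms / 1000;
    deadline.tv_nsec += (timeout_ms % 1000) * 1000000L;
    if (deadline.tv_nsec >= 1000000000L) { deadline.tv_sec++; deadline.tv_nsec -= 1000000000L; }
    pthread_mutex_lock(&wait_mutex);
    while (!entry.response && pthread_cond_timedwait(&entry.wait, &wait_mutex, &deadline) != ETIMEDOUT)
        ;
    pthread_mutex_unlock(&wait_mutex);

    /* Pre-fix ordering: validate and free entry.response here, with no lock,
     * then take the lock only for the unlink. A handle_response() still
     * copying under the read lock then writes into freed memory (the UAF). */
    pthread_rwlock_wrlock(&ipc_msg_table_lock);      /* blocks until any copy is done */
    struct ipc_resp *resp = entry.response;
    if (resp && resp->type != type + 1) {            /* ipc_validate_msg() stand-in */
        free(resp);
        resp = NULL;
    }
    for (struct ipc_msg_table_entry **pp = &ipc_msg_table; *pp; pp = &(*pp)->next)
        if (*pp == &entry) { *pp = entry.next; break; }   /* hash_del() */
    pthread_rwlock_unlock(&ipc_msg_table_lock);
    pthread_cond_destroy(&entry.wait);
    return resp;                                     /* caller frees; NULL if none/invalid */
}

/* Constructed scenario: a reply thread publishes entry->response, then stalls
 * on a barrier while still holding the read lock; the requester wakes (timeout 0)
 * in that window. Returns 1 if the complete, valid reply still comes back. */
static pthread_barrier_t copy_barrier;
static pthread_t reply_tid;
static void stall_in_copy(void) { pthread_barrier_wait(&copy_barrier); }
static void *reply_thread(void *h) { handle_response(*(unsigned int *)h, 8, "hello", 5); return NULL; }
static void send_and_race(unsigned int handle)
{
    static unsigned int h; h = handle;
    pthread_create(&reply_tid, NULL, reply_thread, &h);
    pthread_barrier_wait(&copy_barrier);             /* reply is now mid-copy */
}
int demo_race_is_closed(void)
{
    pthread_barrier_init(&copy_barrier, NULL, 2);
    copy_in_progress_hook = stall_in_copy;
    struct ipc_resp *r = ipc_msg_send_request(42, 7, send_and_race, 0);
    pthread_join(reply_tid, NULL);
    copy_in_progress_hook = NULL;
    pthread_barrier_destroy(&copy_barrier);
    int ok = r && r->type == 8 && r->len == 5 && memcmp(r->data, "hello", 5) == 0;
    free(r);
    return ok;
}

/* Constructed scenario: a reply of the wrong type is freed under the lock and
 * the entry unlinked, so a late duplicate reply finds nothing to write into. */
static void send_wrong_type(unsigned int handle) { handle_response(handle, 99, "x", 1); }
int demo_invalid_reply_rejected(void)
{
    struct ipc_resp *r = ipc_msg_send_request(43, 7, send_wrong_type, 0);
    return r == NULL && handle_response(43, 8, "late", 4) == -ENOENT;
}
```

In demo_race_is_closed() the requester sees a non-NULL but half-filled entry->response exactly as in the timeout path the advisory describes; because it now validates under the write lock, it waits for the reader to finish and receives a complete reply instead of freeing a buffer that is still being written. Compile with -pthread on older glibc.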
Recommendations
No fixed release version is listed on this page. The upstream fix is the locking change described above (validate, free and remove the entry from ipc_msg_table while holding ipc_msg_table_lock); check whether your distribution kernel carries it. The affected code runs only where the in-kernel SMB server is in use: ksmbd must be built (CONFIG_SMB_SERVER) and loaded, and the vulnerable path is the generic netlink exchange with the ksmbd.mountd userspace daemon. Hosts that do not need ksmbd can avoid loading the module or blacklist it until a fixed kernel is installed.
Exploit
Use After Free
Weakness Enumeration
CWE-416: Use After Free
Affected Products
Debian
Linuxmint
Linux Kernel
Ubuntu