CVE-2025-71150

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A reference count leak exists in the ksmbd module when an invalid session is found during session lookup. Specifically, when a session is located but is not in a valid state (SMB2 SESSION VALID), the reference count is not decremented, leading to a memory leak. The issue is resolved by explicitly releasing the reference to the session using the ksmbd user session put function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

AZL-78425

CVE-2025-71150

ECHO-0AA9-84DA-2B34

OESA-2026-1759

OESA-2026-1760

OESA-2026-1761

USN-8177-1

USN-8177-2

USN-8179-1

USN-8179-2

USN-8179-3

USN-8179-4

USN-8183-1

USN-8183-2

USN-8184-1

USN-8185-1

USN-8185-2

USN-8203-1

USN-8204-1

USN-8245-1

USN-8257-1

USN-8258-1

USN-8260-1

USN-8261-1

USN-8265-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-71150

Related Identifiers

Affected Products

References · 838