{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-71150", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:30:19.662Z", "datePublished": "2026-01-23T14:15:16.898Z", "dateUpdated": "2026-05-11T21:55:55.723Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:55:55.723Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix refcount leak when invalid session is found on session lookup\n\nWhen a session is found but its state is not SMB2_SESSION_VALID, It\nindicates that no valid session was found, but it is missing to decrement\nthe reference count acquired by the session lookup, which results in\na reference count leak. This patch fixes the issue by explicitly calling\nksmbd_user_session_put to release the reference to the session."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/mgmt/user_session.c"], "versions": [{"version": "2107ab40629aeabbec369cf34b8cf0f288c3eb1b", "lessThan": "11fe566b442e3bc2774191740fd377739a87a1c0", "status": "affected", "versionType": "git"}, {"version": "37a0e2b362b3150317fb6e2139de67b1e29ae5ff", "lessThan": "0fb87b28cafae71e9c8248432cc3a6a1fd759efc", "status": "affected", "versionType": "git"}, {"version": "450a844c045ff0895d41b05a1cbe8febd1acfcfd", "lessThan": "e54fb2a4772545701766cba08aab20de5eace8cd", "status": "affected", "versionType": "git"}, {"version": "a39e31e22a535d47b14656a7d6a893c7f6cf758c", "lessThan": "02e06785e85b4bd86ef3d23b7c8d87acc76773d5", "status": "affected", "versionType": "git"}, {"version": "b95629435b84b9ecc0c765995204a4d8a913ed52", "lessThan": "8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7", "status": "affected", "versionType": "git"}, {"version": "b95629435b84b9ecc0c765995204a4d8a913ed52", "lessThan": "cafb57f7bdd57abba87725eb4e82bbdca4959644", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/mgmt/user_session.c"], "versions": [{"version": "6.13", "status": "affected"}, {"version": "0", "lessThan": "6.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.160", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.120", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.64", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.3", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.176", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.121", "versionEndExcluding": "6.1.160"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.67", "versionEndExcluding": "6.6.120"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.6", "versionEndExcluding": "6.12.64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/11fe566b442e3bc2774191740fd377739a87a1c0"}, {"url": "https://git.kernel.org/stable/c/0fb87b28cafae71e9c8248432cc3a6a1fd759efc"}, {"url": "https://git.kernel.org/stable/c/e54fb2a4772545701766cba08aab20de5eace8cd"}, {"url": "https://git.kernel.org/stable/c/02e06785e85b4bd86ef3d23b7c8d87acc76773d5"}, {"url": "https://git.kernel.org/stable/c/8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7"}, {"url": "https://git.kernel.org/stable/c/cafb57f7bdd57abba87725eb4e82bbdca4959644"}], "title": "ksmbd: Fix refcount leak when invalid session is found on session lookup", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B11177EA-CF04-4864-B5AE-7597A4239BC3", "versionEndExcluding": "5.16", "versionStartIncluding": "5.15.176", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8983128-8A47-4317-B02E-D9072E423085", "versionEndExcluding": "6.1.160", "versionStartIncluding": "6.1.121", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B82378A7-0B64-484B-B28D-3A09913AEE0E", "versionEndExcluding": "6.6.120", "versionStartIncluding": "6.6.67", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D247316-17E2-4AF9-B5C9-DFF7DCADAE1E", "versionEndExcluding": "6.12.64", "versionStartIncluding": "6.12.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1175098E-51C5-4022-AD0A-C8985F2787C6", "versionEndExcluding": "6.18.3", "versionStartIncluding": "6.13.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*", "matchCriteriaId": "5A3F9505-6B98-4269-8B81-127E55A1BF00", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*", "matchCriteriaId": "8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*", "matchCriteriaId": "5DFCDFB8-4FD0-465A-9076-D813D78FE51B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix refcount leak when invalid session is found on session lookup\n\nWhen a session is found but its state is not SMB2_SESSION_VALID, It\nindicates that no valid session was found, but it is missing to decrement\nthe reference count acquired by the session lookup, which results in\na reference count leak. This patch fixes the issue by explicitly calling\nksmbd_user_session_put to release the reference to the session."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nksmbd: Soluciona la fuga de contador de referencias cuando se encuentra una sesi\u00f3n inv\u00e1lida en la b\u00fasqueda de sesi\u00f3n\n\nCuando se encuentra una sesi\u00f3n pero su estado no es SMB2_SESSION_VALID, indica que no se encontr\u00f3 ninguna sesi\u00f3n v\u00e1lida, pero falta decrementar el contador de referencias adquirido por la b\u00fasqueda de sesi\u00f3n, lo que resulta en una fuga de contador de referencias. Este parche soluciona el problema llamando expl\u00edcitamente a ksmbd_user_session_put para liberar la referencia a la sesi\u00f3n."}], "id": "CVE-2025-71150", "lastModified": "2026-04-18T09:16:13.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-23T15:16:05.773", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/02e06785e85b4bd86ef3d23b7c8d87acc76773d5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0fb87b28cafae71e9c8248432cc3a6a1fd759efc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/11fe566b442e3bc2774191740fd377739a87a1c0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cafb57f7bdd57abba87725eb4e82bbdca4959644"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e54fb2a4772545701766cba08aab20de5eace8cd"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ksmbd: Fix refcount leak when invalid session is found on session lookup", "id": "2432364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432364"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-71150", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-71150\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71150\nhttps://lore.kernel.org/linux-cve-announce/2026012328-CVE-2025-71150-1b7c@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-04-20T17:29:55.670656+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a patched release that contains the ksmbd reference count leak fix (e.g., the latest 6.13 kernel or later).", "Reboot the system or reload the ksmbd service to unload the vulnerable kernel module and load the updated kernel.", "Temporarily disable or stop the ksmbd service until the kernel update is applied to prevent potential exploitation."], "summary": {"action": "Apply patch", "impact": "Reference Count Leak"}, "threat_synthesis": {"affected_systems": "The flaw affects Linux kernel builds that include ksmbd, specifically kernel versions 6.13 through 6.13\u2011rc7 and the 6.19\u2011rc1 release as indicated by the CPE list. Systems running these kernels with ksmbd enabled are vulnerable, regardless of distribution. The vulnerability is tied to the ksmbd service, the SMB server implementation within the kernel.", "description_and_impact": "The kernel\u2019s ksmbd component contains a reference count leak when a session lookup finds a session whose state is not SMB2_SESSION_VALID. The missing decrement means that each such invalid session retains a reference that is never released. Over time, repeated processing of invalid sessions can cause a buildup of unreleased session objects in kernel memory, which may lead to resource exhaustion.", "risk_and_exploitability": "The CVSS score of 5.5 signals a medium severity. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not listed in CISA\u2019s KEV catalog. It is inferred that an attacker would need to send SMB traffic that triggers a ksmbd session lookup on an invalid session to exploit the flaw. No publicly available exploits have been disclosed."}}}}, "created": "2026-04-20T17:30:12.660288+00:00", "updated": "2026-04-20T17:30:12.660305+00:00", "vendors": []}