Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another thread could be operating on the session and make use of sess->user after it has been passed to ksmbd_free_user but before sess->user is set to NULL.

INFO

Published Date :

2025-05-20T15:21:52.681Z

Last Modified :

2026-04-02T08:39:31.419Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-37924 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-37924.

URL Resource
https://git.kernel.org/stable/c/28c756738af44a404a91b77830d017bb0c525890 cve-icon cve-icon
https://git.kernel.org/stable/c/b447463562238428503cfba1c913261047772f90 cve-icon cve-icon
https://git.kernel.org/stable/c/e18c616718018dfc440e4a2d2b94e28fe91b1861 cve-icon cve-icon
https://git.kernel.org/stable/c/e34a33d5d7e87399af0a138bb32f6a3e95dd83d2 cve-icon cve-icon
https://git.kernel.org/stable/c/e86e9134e1d1c90a960dd57f59ce574d27b9a124 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025052004-CVE-2025-37924-ec7d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-37924 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-37924 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact