CVE-2025-71150
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-04-18
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.13 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 5.15.176 (inc) to 5.16 (exc) |
| linux | linux_kernel | From 6.1.121 (inc) to 6.1.160 (exc) |
| linux | linux_kernel | From 6.12.6 (inc) to 6.12.64 (exc) |
| linux | linux_kernel | From 6.13.1 (inc) to 6.18.3 (exc) |
| linux | linux_kernel | From 6.6.67 (inc) to 6.6.120 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference count leak in the Linux kernel's ksmbd component. When a session lookup finds a session that is not in a valid state (not SMB2_SESSION_VALID), the reference count acquired during the lookup is not decremented properly. This causes a reference count leak, meaning resources are not released as they should be. The fix involves explicitly releasing the reference to the session to prevent the leak.
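The leak pattern described above, as an added user-space model that is not ksmbd source code: a lookup takes a reference, rejects a session that is not SMB2_SESSION_VALID, and either keeps or drops that reference. Every name except SMB2_SESSION_VALID is hypothetical, and the session table is constructed sample data.

```c
#include <stdio.h>

/* Toy model, not kernel code: all names except SMB2_SESSION_VALID are hypothetical. */
enum sess_state { SMB2_SESSION_VALID, SMB2_SESSION_EXPIRED };

struct session {
    unsigned long id;
    enum sess_state state;
    int refcnt;                      /* the table itself holds one reference */
};

static struct session table[] = {    /* constructed sample data */
    { 1, SMB2_SESSION_VALID,   1 },
    { 2, SMB2_SESSION_EXPIRED, 1 },
};

/* Find a session by id and take a reference on behalf of the caller. */
static struct session *session_get(unsigned long id)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].id == id) { table[i].refcnt++; return &table[i]; }
    return NULL;
}

static void session_put(struct session *s) { s->refcnt--; }

/* Leaky pattern: the invalid-state path returns NULL but keeps the reference. */
static struct session *lookup_leaky(unsigned long id)
{
    struct session *s = session_get(id);
    if (s && s->state != SMB2_SESSION_VALID)
        s = NULL;                    /* reference taken above is never released */
    return s;
}

/* Fixed pattern: release the reference before rejecting the session. */
static struct session *lookup_fixed(unsigned long id)
{
    struct session *s = session_get(id);
    if (s && s->state != SMB2_SESSION_VALID) { session_put(s); s = NULL; }
    return s;
}

/* Run n rejected lookups on the expired session and return its final refcount. */
static int refs_after(struct session *(*lookup)(unsigned long), int n)
{
    table[1].refcnt = 1;
    for (int i = 0; i < n; i++) lookup(2);
    return table[1].refcnt;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", refs_after(lookup_leaky, 1000), refs_after(lookup_fixed, 1000));
    return 0;
}
```

In the leaky variant the count grows by one per rejected lookup, so the session object can never reach zero references and be freed.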
How can this vulnerability impact me?
The reference count leak can lead to resource exhaustion over time, potentially causing degraded system performance or instability in the ksmbd service or the Linux kernel. This could affect the reliability of SMB services on the system.