CVE-2025-71150
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-04-18
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix refcount leak when invalid session is found on session lookup
When a session is found but its state is not SMB2_SESSION_VALID, It
indicates that no valid session was found, but it is missing to decrement
the reference count acquired by the session lookup, which results in
a reference count leak. This patch fixes the issue by explicitly calling
ksmbd_user_session_put to release the reference to the session.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.13 |
| linux | linux_kernel | 6.13 |
| linux | linux_kernel | 6.13 |
| linux | linux_kernel | 6.13 |
| linux | linux_kernel | 6.13 |
| linux | linux_kernel | 6.13 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 5.15.176 (inc) to 5.16 (exc) |
| linux | linux_kernel | From 6.1.121 (inc) to 6.1.160 (exc) |
| linux | linux_kernel | From 6.12.6 (inc) to 6.12.64 (exc) |
| linux | linux_kernel | From 6.13.1 (inc) to 6.18.3 (exc) |
| linux | linux_kernel | From 6.6.67 (inc) to 6.6.120 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
