In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

Under high concurrency, A tree-connection object (tcon) is freed on
a disconnect path while another path still holds a reference and later
executes *_put()/write on it.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
dd45db4d9bbc8f122a9b4db5ce94ae29fcf03d3c affected < 446beed646b2e426dd53d27358365f8678e1dd01
7b58ee8d0b91359554cf219cd4f33872ea2afd66 affected < d092de8a26c952379ded8e6b0bda31d89befac1a
33b235a6e6ebe0f05f3586a71e8d281d00f71e2e affected < d64977495e44855f2b28d8ce56107c963a7a50e4
33b235a6e6ebe0f05f3586a71e8d281d00f71e2e affected < 21a3d01fc6db5129f81edb0ab7cb94fd758bcbea
33b235a6e6ebe0f05f3586a71e8d281d00f71e2e affected < 063cbbc6f595ea36ad146e1b7d2af820894beb21
33b235a6e6ebe0f05f3586a71e8d281d00f71e2e affected < b39a1833cc4a2755b02603eec3a71a85e9dff926
Linux Linux affected
Version Status Constraints
6.6 affected
0 unaffected < 6.6
5.15.199 unaffected ≤ 5.15.*
6.1.160 unaffected ≤ 6.1.*
6.6.120 unaffected ≤ 6.6.*
6.12.64 unaffected ≤ 6.12.*
6.18.3 unaffected ≤ 6.18.*
6.19-rc1 unaffected ≤ *

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21 cve-icon cve-icon
https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea cve-icon cve-icon
https://git.kernel.org/stable/c/446beed646b2e426dd53d27358365f8678e1dd01 cve-icon cve-icon
https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926 cve-icon cve-icon
https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a cve-icon cve-icon
https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026011313-CVE-2025-68817-03ab@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-68817 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-68817 cve-icon
History

Fri, 06 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
References

Thu, 15 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References

Tue, 13 Jan 2026 15:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it.
Title ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-06T16:31:37.271Z

Reserved: 2025-12-24T10:30:51.048Z

Link: CVE-2025-68817

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-01-13T16:16:03.983

Modified: 2026-02-06T17:16:18.187

Link: CVE-2025-68817

cve-icon Redhat

Severity :

Publid Date: 2026-01-13T00:00:00Z

Links: CVE-2025-68817 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.