{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-71150", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:30:19.662Z", "datePublished": "2026-01-23T14:15:16.898Z", "dateUpdated": "2026-04-18T08:57:13.286Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-18T08:57:13.286Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix refcount leak when invalid session is found on session lookup\n\nWhen a session is found but its state is not SMB2_SESSION_VALID, It\nindicates that no valid session was found, but it is missing to decrement\nthe reference count acquired by the session lookup, which results in\na reference count leak. This patch fixes the issue by explicitly calling\nksmbd_user_session_put to release the reference to the session."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/mgmt/user_session.c"], "versions": [{"version": "2107ab40629aeabbec369cf34b8cf0f288c3eb1b", "lessThan": "11fe566b442e3bc2774191740fd377739a87a1c0", "status": "affected", "versionType": "git"}, {"version": "37a0e2b362b3150317fb6e2139de67b1e29ae5ff", "lessThan": "0fb87b28cafae71e9c8248432cc3a6a1fd759efc", "status": "affected", "versionType": "git"}, {"version": "450a844c045ff0895d41b05a1cbe8febd1acfcfd", "lessThan": "e54fb2a4772545701766cba08aab20de5eace8cd", "status": "affected", "versionType": "git"}, {"version": "a39e31e22a535d47b14656a7d6a893c7f6cf758c", "lessThan": "02e06785e85b4bd86ef3d23b7c8d87acc76773d5", "status": "affected", "versionType": "git"}, {"version": "b95629435b84b9ecc0c765995204a4d8a913ed52", "lessThan": "8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7", "status": "affected", "versionType": "git"}, {"version": "b95629435b84b9ecc0c765995204a4d8a913ed52", "lessThan": "cafb57f7bdd57abba87725eb4e82bbdca4959644", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/mgmt/user_session.c"], "versions": [{"version": "6.13", "status": "affected"}, {"version": "0", "lessThan": "6.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.160", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.120", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.64", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.3", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.176", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.121", "versionEndExcluding": "6.1.160"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.67", "versionEndExcluding": "6.6.120"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.6", "versionEndExcluding": "6.12.64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/11fe566b442e3bc2774191740fd377739a87a1c0"}, {"url": "https://git.kernel.org/stable/c/0fb87b28cafae71e9c8248432cc3a6a1fd759efc"}, {"url": "https://git.kernel.org/stable/c/e54fb2a4772545701766cba08aab20de5eace8cd"}, {"url": "https://git.kernel.org/stable/c/02e06785e85b4bd86ef3d23b7c8d87acc76773d5"}, {"url": "https://git.kernel.org/stable/c/8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7"}, {"url": "https://git.kernel.org/stable/c/cafb57f7bdd57abba87725eb4e82bbdca4959644"}], "title": "ksmbd: Fix refcount leak when invalid session is found on session lookup", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B11177EA-CF04-4864-B5AE-7597A4239BC3", "versionEndExcluding": "5.16", "versionStartIncluding": "5.15.176", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8983128-8A47-4317-B02E-D9072E423085", "versionEndExcluding": "6.1.160", "versionStartIncluding": "6.1.121", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B82378A7-0B64-484B-B28D-3A09913AEE0E", "versionEndExcluding": "6.6.120", "versionStartIncluding": "6.6.67", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D247316-17E2-4AF9-B5C9-DFF7DCADAE1E", "versionEndExcluding": "6.12.64", "versionStartIncluding": "6.12.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1175098E-51C5-4022-AD0A-C8985F2787C6", "versionEndExcluding": "6.18.3", "versionStartIncluding": "6.13.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*", "matchCriteriaId": "5A3F9505-6B98-4269-8B81-127E55A1BF00", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*", "matchCriteriaId": "8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*", "matchCriteriaId": "5DFCDFB8-4FD0-465A-9076-D813D78FE51B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix refcount leak when invalid session is found on session lookup\n\nWhen a session is found but its state is not SMB2_SESSION_VALID, It\nindicates that no valid session was found, but it is missing to decrement\nthe reference count acquired by the session lookup, which results in\na reference count leak. This patch fixes the issue by explicitly calling\nksmbd_user_session_put to release the reference to the session."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nksmbd: Soluciona la fuga de contador de referencias cuando se encuentra una sesi\u00f3n inv\u00e1lida en la b\u00fasqueda de sesi\u00f3n\n\nCuando se encuentra una sesi\u00f3n pero su estado no es SMB2_SESSION_VALID, indica que no se encontr\u00f3 ninguna sesi\u00f3n v\u00e1lida, pero falta decrementar el contador de referencias adquirido por la b\u00fasqueda de sesi\u00f3n, lo que resulta en una fuga de contador de referencias. Este parche soluciona el problema llamando expl\u00edcitamente a ksmbd_user_session_put para liberar la referencia a la sesi\u00f3n."}], "id": "CVE-2025-71150", "lastModified": "2026-04-18T09:16:13.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-23T15:16:05.773", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/02e06785e85b4bd86ef3d23b7c8d87acc76773d5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0fb87b28cafae71e9c8248432cc3a6a1fd759efc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/11fe566b442e3bc2774191740fd377739a87a1c0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cafb57f7bdd57abba87725eb4e82bbdca4959644"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e54fb2a4772545701766cba08aab20de5eace8cd"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ksmbd: Fix refcount leak when invalid session is found on session lookup", "id": "2432364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432364"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-71150", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-71150\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71150\nhttps://lore.kernel.org/linux-cve-announce/2026012328-CVE-2025-71150-1b7c@gregkh/T"], "threat_severity": "Low"}

{}