Description
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Fix refcount leak when invalid session is found on session lookup

When a session is found but its state is not SMB2_SESSION_VALID, It
indicates that no valid session was found, but it is missing to decrement
the reference count acquired by the session lookup, which results in
a reference count leak. This patch fixes the issue by explicitly calling
ksmbd_user_session_put to release the reference to the session.
Published: 2026-01-23
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Reference Count Leak
Action: Apply patch
AI Analysis

Impact

The kernel’s ksmbd component contains a reference count leak when a session lookup finds a session whose state is not SMB2_SESSION_VALID. The missing decrement means that each such invalid session retains a reference that is never released. Over time, repeated processing of invalid sessions can cause a buildup of unreleased session objects in kernel memory, which may lead to resource exhaustion.

Affected Systems

The flaw affects Linux kernel builds that include ksmbd, specifically kernel versions 6.13 through 6.13‑rc7 and the 6.19‑rc1 release as indicated by the CPE list. Systems running these kernels with ksmbd enabled are vulnerable, regardless of distribution. The vulnerability is tied to the ksmbd service, the SMB server implementation within the kernel.

Risk and Exploitability

The CVSS score of 5.5 signals a medium severity. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not listed in CISA’s KEV catalog. It is inferred that an attacker would need to send SMB traffic that triggers a ksmbd session lookup on an invalid session to exploit the flaw. No publicly available exploits have been disclosed.

Generated by OpenCVE AI on April 20, 2026 at 17:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a patched release that contains the ksmbd reference count leak fix (e.g., the latest 6.13 kernel or later).
  • Reboot the system or reload the ksmbd service to unload the vulnerable kernel module and load the updated kernel.
  • Temporarily disable or stop the ksmbd service until the kernel update is applied to prevent potential exploitation.

Generated by OpenCVE AI on April 20, 2026 at 17:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4476-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6126-1 linux security update
Debian DSA Debian DSA DSA-6127-1 linux security update
Ubuntu USN Ubuntu USN USN-8177-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8179-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8177-2 Linux kernel (Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8183-1 Linux kernel (GCP) vulnerabilities
Ubuntu USN Ubuntu USN USN-8184-1 Linux kernel (Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8179-2 Linux kernel (FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8185-1 Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN Ubuntu USN USN-8179-3 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8183-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8203-1 Linux kernel (Oracle) vulnerabilities
Ubuntu USN Ubuntu USN USN-8204-1 Linux kernel (Raspberry Pi Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8185-2 Linux kernel (Low Latency NVIDIA) vulnerabilities
Ubuntu USN Ubuntu USN USN-8179-4 Linux kernel (GCP) vulnerabilities
Ubuntu USN Ubuntu USN USN-8245-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8257-1 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-8258-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-8260-1 Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8261-1 Linux kernel (Xilinx) vulnerabilities
Ubuntu USN Ubuntu USN USN-8265-1 Linux kernel (NVIDIA Tegra) vulnerabilities
History

Sat, 18 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
References

Thu, 26 Feb 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*

Sat, 24 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Fri, 23 Jan 2026 14:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2_SESSION_VALID, It indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. This patch fixes the issue by explicitly calling ksmbd_user_session_put to release the reference to the session.
Title ksmbd: Fix refcount leak when invalid session is found on session lookup
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:03:25.067Z

Reserved: 2026-01-13T15:30:19.662Z

Link: CVE-2025-71150

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2026-01-23T15:16:05.773

Modified: 2026-04-18T09:16:13.153

Link: CVE-2025-71150

cve-icon Redhat

Severity : Low

Publid Date: 2026-01-23T00:00:00Z

Links: CVE-2025-71150 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T17:30:12Z

Weaknesses