Impact
A use‑after‑free flaw exists in the ksmbd module’s smb2_open routine during a durable reconnect. The function drops a reference to a durable file descriptor too early, allowing subsequent code paths to dereference freed memory. This memory corruption could lead to a kernel panic or provide an attacker with the opportunity to execute code with kernel privileges, though the advisory does not explicitly document privilege escalation or code execution. The weakness is identified as CWE‑911, which describes a memory reuse‑after‑free flaw that can cause integrity and confidentiality breaches.
Affected Systems
The vulnerability affects the ksmbd component of the Linux kernel. Any kernel release that includes the ksmbd module and has not incorporated the patch commit referenced in the advisory is potentially vulnerable. Specific version numbers are not listed, so all installations of the kernel that provide SMB server functionality should verify whether the fix has been applied.
Risk and Exploitability
The EPSS score is below 1%, indicating a very low but non‑zero probability of exploitation. The CVSS score of 9.8 places the vulnerability at critical severity. Attackers would most likely trigger the flaw by establishing an SMB connection that initiates a durable reconnect path, a scenario that is inferred from the description. The vulnerability is not currently listed in CISA’s KEV catalog. Given the kernel context, exploitation could compromise system integrity, but the advisory does not confirm that arbitrary code execution is guaranteed.
OpenCVE Enrichment