Impact
The Linux kernel ksmbd module contains a use‑after‑free bug that can cause a NULL pointer dereference during asynchronous cryptographic operations with the Qualcomm Crypto Engine. When the engine returns ‑EINPROGRESS, ksmbd incorrectly treats this as an error and frees the request while the DMA operation is still in flight, leading to a crash in the completion callback. The flaw can trigger a kernel panic, resulting in a denial of service. The weakness corresponds to a use‑after‑free vulnerability.
Affected Systems
Linux kernels that include the ksmbd SMB server module and support the Qualcomm Crypto Engine are potentially affected. Any kernel build using ksmbd and the QCE for cryptographic operations may be vulnerable. No specific kernel version range is indicated, so all affected builds should be considered at risk until patched.
Risk and Exploitability
Based on the description, it is inferred that an attacker could trigger the crash by sending staged SMB traffic that exercises the cryptographic path within ksmbd. The flaw does not grant arbitrary code execution; the primary impact is a denial of service. The CVSS score of 9.8 indicates a severe availability issue, while the EPSS score of less than 1% suggests a very low exploitation probability. The vulnerability is not listed in CISA's KEV catalog.
OpenCVE Enrichment
Debian DLA