CVE-2025-68817 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21
https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea
https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926
https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a
https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4

History

Tue, 13 Jan 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it.
Title		ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21 https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926 https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-01-13T15:29:21.210Z

Updated: 2026-01-13T15:29:21.210Z

Reserved: 2025-12-24T10:30:51.048Z

Link: CVE-2025-68817

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-13T16:16:03.983

Modified: 2026-01-13T16:16:03.983

Link: CVE-2025-68817

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68817", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T10:30:51.048Z", "datePublished": "2026-01-13T15:29:21.210Z", "dateUpdated": "2026-01-13T15:29:21.210Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-01-13T15:29:21.210Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency\n\nUnder high concurrency, A tree-connection object (tcon) is freed on\na disconnect path while another path still holds a reference and later\nexecutes *_put()/write on it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/mgmt/tree_connect.c", "fs/smb/server/mgmt/tree_connect.h", "fs/smb/server/smb2pdu.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d092de8a26c952379ded8e6b0bda31d89befac1a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d64977495e44855f2b28d8ce56107c963a7a50e4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "21a3d01fc6db5129f81edb0ab7cb94fd758bcbea", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "063cbbc6f595ea36ad146e1b7d2af820894beb21", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b39a1833cc4a2755b02603eec3a71a85e9dff926", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/mgmt/tree_connect.c", "fs/smb/server/mgmt/tree_connect.h", "fs/smb/server/smb2pdu.c"], "versions": [{"version": "6.1.160", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.120", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.64", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.3", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.160"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.120"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.19-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a"}, {"url": "https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4"}, {"url": "https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea"}, {"url": "https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21"}, {"url": "https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926"}], "title": "ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency", "x_generator": {"engine": "bippy-1.2.0"}}}}