CVE-2025-71150

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2_SESSION_VALID, It indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. This patch fixes the issue by explicitly calling ksmbd_user_session_put to release the reference to the session.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/02e06785e85b4bd86ef3d23b7c8d87acc76773d5	Patch
https://git.kernel.org/stable/c/0fb87b28cafae71e9c8248432cc3a6a1fd759efc	Patch
https://git.kernel.org/stable/c/8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7	Patch
https://git.kernel.org/stable/c/cafb57f7bdd57abba87725eb4e82bbdca4959644	Patch
https://git.kernel.org/stable/c/e54fb2a4772545701766cba08aab20de5eace8cd	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:-::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::

History

26 Feb 2026, 20:28

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc7:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.13:-::::::
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/02e06785e85b4bd86ef3d23b7c8d87acc76773d5 -~~	() https://git.kernel.org/stable/c/02e06785e85b4bd86ef3d23b7c8d87acc76773d5 - Patch
References	~~() https://git.kernel.org/stable/c/0fb87b28cafae71e9c8248432cc3a6a1fd759efc -~~	() https://git.kernel.org/stable/c/0fb87b28cafae71e9c8248432cc3a6a1fd759efc - Patch
References	~~() https://git.kernel.org/stable/c/8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7 -~~	() https://git.kernel.org/stable/c/8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7 - Patch
References	~~() https://git.kernel.org/stable/c/cafb57f7bdd57abba87725eb4e82bbdca4959644 -~~	() https://git.kernel.org/stable/c/cafb57f7bdd57abba87725eb4e82bbdca4959644 - Patch
References	~~() https://git.kernel.org/stable/c/e54fb2a4772545701766cba08aab20de5eace8cd -~~	() https://git.kernel.org/stable/c/e54fb2a4772545701766cba08aab20de5eace8cd - Patch

23 Jan 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-23 15:16

Updated : 2026-02-26 20:28

NVD link : CVE-2025-71150

Mitre link : CVE-2025-71150

CVE.ORG link : CVE-2025-71150

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

5.5 /10