{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68817","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:30:51.048Z","datePublished":"2026-01-13T15:29:21.210Z","dateUpdated":"2026-05-11T21:53:53.705Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:53:53.705Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency\n\nUnder high concurrency, A tree-connection object (tcon) is freed on\na disconnect path while another path still holds a reference and later\nexecutes *_put()/write on it."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/server/mgmt/tree_connect.c","fs/smb/server/mgmt/tree_connect.h","fs/smb/server/smb2pdu.c"],"versions":[{"version":"dd45db4d9bbc8f122a9b4db5ce94ae29fcf03d3c","lessThan":"446beed646b2e426dd53d27358365f8678e1dd01","status":"affected","versionType":"git"},{"version":"7b58ee8d0b91359554cf219cd4f33872ea2afd66","lessThan":"d092de8a26c952379ded8e6b0bda31d89befac1a","status":"affected","versionType":"git"},{"version":"33b235a6e6ebe0f05f3586a71e8d281d00f71e2e","lessThan":"d64977495e44855f2b28d8ce56107c963a7a50e4","status":"affected","versionType":"git"},{"version":"33b235a6e6ebe0f05f3586a71e8d281d00f71e2e","lessThan":"21a3d01fc6db5129f81edb0ab7cb94fd758bcbea","status":"affected","versionType":"git"},{"version":"33b235a6e6ebe0f05f3586a71e8d281d00f71e2e","lessThan":"063cbbc6f595ea36ad146e1b7d2af820894beb21","status":"affected","versionType":"git"},{"version":"33b235a6e6ebe0f05f3586a71e8d281d00f71e2e","lessThan":"b39a1833cc4a2755b02603eec3a71a85e9dff926","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/server/mgmt/tree_connect.c","fs/smb/server/mgmt/tree_connect.h","fs/smb/server/smb2pdu.c"],"versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","status":"unaffected","versionType":"semver"},{"version":"5.15.199","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.64","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.3","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.145","versionEndExcluding":"5.15.199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.71","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.12.64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.18.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/446beed646b2e426dd53d27358365f8678e1dd01"},{"url":"https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a"},{"url":"https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4"},{"url":"https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea"},{"url":"https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21"},{"url":"https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926"}],"title":"ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency","x_generator":{"engine":"bippy-1.2.0"}}}}