{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T20:43:48.135","vulnerabilities":[{"cve":{"id":"CVE-2025-37777","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-05-01T14:15:41.493","lastModified":"2025-11-14T16:45:29.777","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in __smb2_lease_break_noti()\n\nMove tcp_transport free to ksmbd_conn_free. If ksmbd connection is\nreferenced when ksmbd server thread terminates, It will not be freed,\nbut conn->tcp_transport is freed. __smb2_lease_break_noti can be performed\nasynchronously when the connection is disconnected. __smb2_lease_break_noti\ncalls ksmbd_conn_write, which can cause use-after-free\nwhen conn->ksmbd_transport is already freed."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: se corrige el error \"use-after-free\" en __smb2_lease_break_noti(). Se mueve tcp_transport libre a ksmbd_conn_free. Si se hace referencia a la conexión ksmbd al finalizar el subproceso del servidor ksmbd, no se liberará, pero sí se liberará conn->tcp_transport. __smb2_lease_break_noti puede ejecutarse asincrónicamente cuando se desconecta la conexión. __smb2_lease_break_noti llama a ksmbd_conn_write, lo que puede causar un error \"use-after-free\" cuando conn->ksmbd_transport ya está liberado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.6.101","matchCriteriaId":"38D76487-0793-4C0C-937D-F5696CC73D37"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.26","matchCriteriaId":"22F52099-F422-4D19-8283-45F9F9BF4392"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.14.4","matchCriteriaId":"29FA1A8E-1C2A-4B0B-B397-2C915ECDEDEE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*","matchCriteriaId":"8D465631-2980-487A-8E65-40AE2B9F8ED1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*","matchCriteriaId":"4C9D071F-B28E-46EC-AC61-22B913390211"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1da8bd9a10ecd718692732294d15fd801c0eabb5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e59796fc80603bcd8569d4d2e10b213c1918edb4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}