CVE-2025-37778
Published May 1, 2025
Last updated 25 days ago
AI description
CVE-2025-37778 is a use-after-free vulnerability found in the Linux kernel's ksmbd component, specifically within the Kerberos authentication pathway during remote client session setups. The vulnerability arises when the `krb_authenticate` function frees `sess->user` but doesn't set the pointer to NULL. Subsequently, `ksmbd_krb5_authenticate` might not reinitialize `sess->user`, leading `smb2_sess_setup` to access freed memory when using `sess->user`. This flaw can lead to memory corruption, potentially allowing an attacker to execute arbitrary code with kernel privileges. The vulnerability affects multiple versions of the Linux kernel, and distributions like SUSE are actively working on providing patches.
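The free-without-clear pattern described above, as an added user-space model in C; it is not kernel or ksmbd code. The struct and function names, the toy slot allocator (used so the stale pointer can be inspected safely) and the `clear_after_free` switch are assumptions made for illustration.

```c
/* User-space model only; every name below is hypothetical, not taken from ksmbd. */
#include <stddef.h>
#include <stdio.h>
struct user { int live; char name[16]; };
struct session { struct user *user; };
static struct user pool[4];        /* toy allocator: "freed" slots stay readable */

static struct user *user_alloc(const char *name) {
    for (size_t i = 0; i < 4; i++)
        if (!pool[i].live) {
            pool[i].live = 1;
            snprintf(pool[i].name, sizeof pool[i].name, "%s", name);
            return &pool[i];
        }
    return NULL;
}
static void user_free(struct user *u) { if (u) u->live = 0; }

/* Stand-in for the Kerberos step: on failure it returns without touching s->user. */
static int krb5_step(struct session *s, int ticket_ok) {
    if (!ticket_ok) return -1;
    s->user = user_alloc("krb-user");
    return s->user ? 0 : -1;
}

/* Stand-in for krb_authenticate: frees the old user, then runs the Kerberos step. */
static int authenticate(struct session *s, int ticket_ok, int clear_after_free) {
    user_free(s->user);
    if (clear_after_free) s->user = NULL;   /* hardened form: no stale pointer left */
    return krb5_step(s, ticket_ok);
}

enum { USER_NULL, USER_LIVE, USER_DANGLING };
/* What a caller that later uses s->user would find. */
static int classify(const struct session *s) {
    if (!s->user) return USER_NULL;
    return s->user->live ? USER_LIVE : USER_DANGLING;
}

/* Authenticate a session whose user is already set, with the given ticket outcome. */
static int reauth(int ticket_ok, int clear_after_free) {
    for (size_t i = 0; i < 4; i++) pool[i].live = 0;   /* reset the toy pool */
    struct session s = { user_alloc("first-login") };
    authenticate(&s, ticket_ok, clear_after_free);
    return classify(&s);
}

int main(void) {
    printf("buggy=%d hardened=%d success=%d\n", reauth(0, 0), reauth(0, 1), reauth(1, 0));
}
```

With the failing ticket, the uncleared variant leaves the session pointing at a freed slot, while the cleared variant leaves `NULL`, which a caller can test for before use.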
- Description
- In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that happens then smb2_sess_setup, which calls krb_authenticate, will be accessing free'd memory when it later uses sess->user.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Awaiting Analysis
Threat Alert: How I used o3 to find a remote 0-day vulnerability in the Linux kernel (ksmbd) CVE-2025-37778 CVE-2025-37899 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/huzPBeG2RZ #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
24 May 2025
OpenAI o3 discovered the zero-day vulnerability CVE-2025-37899 in the Linux kernel's SMB implementation. It had also rediscovered CVE-2025-37778. https://t.co/4kCFkRVig3
@__kokumoto
23 May 2025