CVE-2025-37899
Published May 20, 2025
Last updated 2 days ago
AI description
CVE-2025-37899 is a use-after-free vulnerability found in the ksmbd component of the Linux kernel, which is an in-kernel server implementing the SMB3 protocol for file sharing over networks. Specifically, the vulnerability exists in the session logoff handler. The vulnerability occurs because the `sess->user` object can be freed by one thread processing a logoff command while another thread, handling a new connection's session setup request, might still be accessing the same `sess->user` object. This concurrent access can lead to memory corruption and potentially allow attackers to execute arbitrary code with kernel privileges.
- Description
- In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Awaiting Analysis
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
55
AI model o3 detected a zero-day in Linux's SMB kernel (CVE-2025-37899), involving a use-after-free flaw during logoff that risks crashes and privilege escalation. This showcases AI’s potential in cybersecurity discovery. 🔍 #Linux #AI #Cybernovel https://t.co/wspWu8w8Hn
@TweetThreatNews
23 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation https://t.co/6xXZfBroIB https://t.co/onzTMui9dV
@secharvesterx
23 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025年5月20日、Linuxカーネルのksmbdコンポーネントに重大なゼロデイ脆弱性(CVE-2025-37899)が確認された。この脆弱性は、OpenAIの大規模言語モデル「o3」により発見された点で注目される。
@yousukezan
22 May 2025
6119 Impressions
13 Retweets
32 Likes
13 Bookmarks
0 Replies
0 Quotes
I wrote-up how I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation. Link to the blog post below 👇
@seanhn
22 May 2025
47556 Impressions
123 Retweets
619 Likes
440 Bookmarks
10 Replies
11 Quotes
CVE-2025-37899 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by ano… https://t.co/I8DsN1IC6j
@CVEnew
20 May 2025
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes