CVE-2025-21945 in Linux

Summary

by MITRE • 04/01/2025

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in smb2_lock

If smb_lock->zero_len has a value, ->llist of smb_lock is not deleted and flock is the old one. It will cause a use-after-free in the error handling routine.


Analysis

by VulDB Data Team • 02/01/2026

CVE-2025-21945 affects the ksmbd implementation in the Linux kernel, specifically the smb2_lock handler. It is a critical use-after-free condition that can lead to arbitrary code execution or system instability. The flaw sits in the in-kernel SMB server that processes SMB2 protocol operations, which makes it particularly dangerous in networked environments where SMB services are actively used.

The root cause is improper handling of lock operations when the smb_lock->zero_len field holds a non-zero value. When zero_len is set, the code should still remove the entry from the linked list reachable through smb_lock->llist and update the flock reference accordingly; instead, the entry is left on the list and flock keeps pointing at the old structure. These stale references outlive the objects they refer to, so memory that has already been freed or reallocated can still be reached through them.

The impact goes beyond simple memory corruption: the flaw can be exploited to achieve privilege escalation or denial of service. When the error handling routine runs, it touches lock structures that were already freed because of the missing list cleanup. This gives an attacker an opportunity to influence the kernel memory layout or inject malicious code into kernel space, particularly since the ksmbd service runs with elevated privileges. Affected are systems running Linux kernels that include the vulnerable ksmbd implementation, typically those serving SMB2 protocol clients.
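The pattern described above is easier to see in a reduced model. The following C program is an added illustration and is not ksmbd source code: the `model_lock` structure, the hand-rolled intrusive list, the `fail`/`freed` flags and the two-lock scenario are all constructed here. Released locks are only marked as freed rather than passed to `free()`, so the stale link can be observed without undefined behaviour. The buggy ordering skips a zero-length lock before unlinking it from the request's lock list, so the entry stays on the list while its storage is released; the fixed ordering unlinks first. The rollback loop then reports how many released entries it reaches, which in the real kernel would be the use-after-free on the error path.

```c
/* Added, simplified model of the list-handling defect behind CVE-2025-21945.
 * Not ksmbd code: structure, list and scenario are constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal intrusive doubly-linked list in the spirit of the kernel's list_head. */
struct list_node {
    struct list_node *prev, *next;
};

static void list_init(struct list_node *h) { h->prev = h->next = h; }
static void list_add_tail(struct list_node *n, struct list_node *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}
static void list_del(struct list_node *n) {
    n->prev->next = n->next; n->next->prev = n->prev; n->prev = n->next = n;
}

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Stand-in for the per-request lock record. 'freed' models the object's
 * lifetime instead of calling free(), so a dangling link can be inspected safely. */
struct model_lock {
    struct list_node llist;  /* link on the request's lock list */
    bool zero_len;           /* zero-length lock: nothing to apply */
    bool fail;               /* constructed: applying this lock fails */
    bool freed;              /* constructed: storage has been released */
};

/* Walk the request's lock list. 'unlink_before_skip' selects the corrected
 * ordering (remove from the list before treating a zero-length lock as done).
 * Returns how many already-released entries the error path reaches;
 * any non-zero result is the stale-reference condition the advisory describes. */
static int process_locks(struct list_node *lock_list, bool unlink_before_skip)
{
    struct list_node *n, *tmp;
    int stale_touched = 0;
    bool err = false;

    for (n = lock_list->next; n != lock_list; n = tmp) {
        struct model_lock *l = container_of(n, struct model_lock, llist);
        tmp = n->next;  /* safe iteration: next pointer saved before unlinking */

        if (!unlink_before_skip && l->zero_len) {
            /* Defective ordering: skipped without list_del(), so the entry
             * remains on lock_list while its storage is released. */
            l->freed = true;
            continue;
        }
        list_del(&l->llist);
        if (l->zero_len) {
            /* Corrected ordering: unlinked first, then released. */
            l->freed = true;
            continue;
        }
        if (l->fail) {
            err = true;
            break;
        }
        /* A successfully applied lock would move to the file's lock list here. */
    }

    if (err) {
        /* Error handling: roll back whatever is still on lock_list.
         * In the real kernel this loop dereferences the stale entry. */
        for (n = lock_list->next; n != lock_list; n = n->next) {
            struct model_lock *l = container_of(n, struct model_lock, llist);
            if (l->freed)
                stale_touched++;
        }
    }
    return stale_touched;
}

/* Constructed scenario: a zero-length lock followed by a lock whose
 * application fails, which forces the error path to run. */
static int run_scenario(bool unlink_before_skip)
{
    struct list_node lock_list;
    struct model_lock a = { .zero_len = true };
    struct model_lock b = { .fail = true };

    list_init(&lock_list);
    list_add_tail(&a.llist, &lock_list);
    list_add_tail(&b.llist, &lock_list);
    return process_locks(&lock_list, unlink_before_skip);
}

int main(void)
{
    printf("released entries reached by error path, skip-before-unlink: %d\n",
           run_scenario(false));
    printf("released entries reached by error path, unlink-before-skip: %d\n",
           run_scenario(true));
    return 0;
}
```

The only difference between the two orderings is whether `list_del()` runs before the zero-length early exit; the model returns 1 for the defective ordering and 0 for the corrected one. When reviewing similar `list_for_each_entry_safe` loops, the check to make is that every `continue`/`goto` that precedes the unlink also prevents the entry from being released later.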

Mitigation should focus on applying the kernel maintainers' patch promptly, since the vulnerability directly affects the kernel's memory management and security boundaries. Administrators should prioritise updating to a kernel version that includes the fix, which correctly cleans up the linked list for lock structures when zero_len is set. In addition, network segmentation and access controls should limit exposure of SMB services, particularly where the service could be reached from untrusted networks. The fix follows standard practice for preventing use-after-free conditions as described in CWE-416, and addresses a pattern commonly exploited in kernel-based attacks that maps to ATT&CK techniques under privilege escalation and memory corruption. Organisations should also monitor for suspicious SMB activity and keep their kernel security modules current with the latest patches to prevent exploitation of similar memory management vulnerabilities.

Responsible

Linux

Reservation

12/29/2024

Disclosure

04/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00194

KEV

no

Activities

very low

Sources
