What is the severity of CVE-2025-21945?

CVE-2025-21945 is considered a moderate severity vulnerability due to the potential for use-after-free errors in the Linux kernel.

How do I fix CVE-2025-21945?

To fix CVE-2025-21945, upgrade to the patched version of the Linux kernel where this vulnerability has been resolved.

What components of the Linux kernel are affected by CVE-2025-21945?

CVE-2025-21945 specifically affects the ksmbd component of the Linux kernel.

What could happen if CVE-2025-21945 is exploited?

If exploited, CVE-2025-21945 could lead to a use-after-free vulnerability, potentially allowing for privilege escalation or system instability.

When was CVE-2025-21945 disclosed?

CVE-2025-21945 was publicly disclosed as a vulnerability in the Linux kernel related to the ksmbd file server.

Vulnerability/
CVE-2025-21945

high

7.8

CWE

416

1/4/2025

16/4/2025

CVE-2025-21945: ksmbd: fix use-after-free in smb2_lock

First published: Tue Apr 01 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2_lock If smb_lock->zero_len has value, ->llist of smb_lock is not delete and flock is old one. It will cause use-after-free on error handling routine.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel
Linux Kernel	>=5.15<6.1.131
Linux Kernel	>=6.2<6.6.83
Linux Kernel	>=6.7<6.12.19
Linux Kernel	>=6.13<6.13.7
Linux Kernel	=6.14-rc1
Linux Kernel	=6.14-rc2
Linux Kernel	=6.14-rc3
Linux Kernel	=6.14-rc4
Linux Kernel	=6.14-rc5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-21945?
CVE-2025-21945 is considered a moderate severity vulnerability due to the potential for use-after-free errors in the Linux kernel.
How do I fix CVE-2025-21945?
To fix CVE-2025-21945, upgrade to the patched version of the Linux kernel where this vulnerability has been resolved.
What components of the Linux kernel are affected by CVE-2025-21945?
CVE-2025-21945 specifically affects the ksmbd component of the Linux kernel.
What could happen if CVE-2025-21945 is exploited?
If exploited, CVE-2025-21945 could lead to a use-after-free vulnerability, potentially allowing for privilege escalation or system instability.
When was CVE-2025-21945 disclosed?
CVE-2025-21945 was publicly disclosed as a vulnerability in the Linux kernel related to the ksmbd file server.

agent/weakness
agent/references
agent/title
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/source
agent/author
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/last-modified-date
agent/softwarecombine
agent/severity
agent/remedy
agent/tags
vendor/linux
canonical/linux kernel
version/linux kernel/5.15
version/linux kernel/6.2
version/linux kernel/6.7
version/linux kernel/6.13
version/linux kernel/6.14-rc1
version/linux kernel/6.14-rc2
version/linux kernel/6.14-rc3
version/linux kernel/6.14-rc4
version/linux kernel/6.14-rc5

CVE-2025-21945: ksmbd: fix use-after-free in smb2_lock

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-21945?

How do I fix CVE-2025-21945?

What components of the Linux kernel are affected by CVE-2025-21945?

What could happen if CVE-2025-21945 is exploited?

When was CVE-2025-21945 disclosed?

Company

Resources

Contact