Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

CVE-2025-68817 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2025-68817

CVE-2025-68817

HIGH7.8

ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

Published Jan 13, 2026

Modified 2 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it.

References

WEB

https://git.kernel.org/stable/c/063cbbc6f595ea36ad146e1b7d2af820894beb21

WEB

https://git.kernel.org/stable/c/21a3d01fc6db5129f81edb0ab7cb94fd758bcbea

WEB

https://git.kernel.org/stable/c/446beed646b2e426dd53d27358365f8678e1dd01

WEB

https://git.kernel.org/stable/c/b39a1833cc4a2755b02603eec3a71a85e9dff926

WEB

https://git.kernel.org/stable/c/d092de8a26c952379ded8e6b0bda31d89befac1a

WEB

https://git.kernel.org/stable/c/d64977495e44855f2b28d8ce56107c963a7a50e4

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-68817

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedJan 13, 2026

ModifiedFeb 9, 2026