| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026021425-CVE-2025-71220-162f@gregkh> Date: Sat, 14 Feb 2026 17:28:26 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-71220: smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close(). The Linux kernel CVE team has assigned CVE-2025-71220 to this issue. Affected and fixed versions =========================== Fixed in 5.15.200 with commit a2c68e256fb7a4ac34154c6e865a1389acca839f Fixed in 6.1.163 with commit 2b7b4df87fe6f2db6ee45f475de6b37b8b8e5d29 Fixed in 6.6.124 with commit 04dd114b682a4ccaeba2c2bad049c8b50ce740d8 Fixed in 6.12.70 with commit ac18761b530b5dd40f59af8a25902282e5512854 Fixed in 6.18.10 with commit fdda836fcee6fdbcccc24e3679097efb583f581f Fixed in 6.19 with commit 7c28f8eef5ac5312794d8a52918076dcd787e53b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-71220 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/smb/server/smb2pdu.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a2c68e256fb7a4ac34154c6e865a1389acca839f https://git.kernel.org/stable/c/2b7b4df87fe6f2db6ee45f475de6b37b8b8e5d29 https://git.kernel.org/stable/c/04dd114b682a4ccaeba2c2bad049c8b50ce740d8 https://git.kernel.org/stable/c/ac18761b530b5dd40f59af8a25902282e5512854 https://git.kernel.org/stable/c/fdda836fcee6fdbcccc24e3679097efb583f581f https://git.kernel.org/stable/c/7c28f8eef5ac5312794d8a52918076dcd787e53b
Powered by blists - more mailing lists