CVE-2025-71150 PUBLISHED

ksmbd: Fix refcount leak when invalid session is found on session lookup

Assigner: Linux
Reserved: 13.01.2026 Published: 23.01.2026 Updated: 23.01.2026

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Fix refcount leak when invalid session is found on session lookup

When a session is found but its state is not SMB2_SESSION_VALID, It indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. This patch fixes the issue by explicitly calling ksmbd_user_session_put to release the reference to the session.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 0fb87b28cafae71e9c8248432cc3a6a1fd759efc (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to e54fb2a4772545701766cba08aab20de5eace8cd (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 02e06785e85b4bd86ef3d23b7c8d87acc76773d5 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to cafb57f7bdd57abba87725eb4e82bbdca4959644 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • unaffected from 6.1.160 to 6.1.* (incl.)
  • unaffected from 6.6.120 to 6.6.* (incl.)
  • unaffected from 6.12.64 to 6.12.* (incl.)
  • unaffected from 6.18.3 to 6.18.* (incl.)
  • unaffected from 6.19-rc2 to * (incl.)

References