ksmbd

A subtle parse-time error in the Linux in‑kernel SMB server (ksmbd) can let a malformed SMB2 Create request provoke an out‑of‑bounds memory access in kernel space — a defect tracked as CVE‑2024‑22705 that was fixed upstream in the 6.6.10 stable release and that carries real, immediate...

A recently disclosed Linux-kernel vulnerability, tracked as CVE-2025-21945, fixes a subtle but consequential use‑after‑free in the in‑kernel SMB server (ksmbd) — the bug can reliably produce kernel instability and therefore presents a high availability risk for any system whose kernel includes...

Microsoft’s short MSRC advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate as a product attestation, but it is not a categorical statement that no other Microsoft product can contain the same vulnerable ksmbd code; Azure Linux is the...

Microsoft’s short MSRC attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate for CVE‑2025‑22043, but it is a product‑scoped inventory statement — not proof that other Microsoft products cannot carry the same ksmbd code; defenders...

A recently assigned Linux-kernel CVE, CVE-2025-37776, fixes a subtle but important use‑after‑free in the in‑kernel SMB server (ksmbd) — and Microsoft’s public attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” should be read as an...

A small, defensive change in the Linux kernel’s in‑kernel SMB server, ksmbd, has been tracked as CVE‑2025‑37956 and fixed upstream — but Microsoft’s public wording that “Azure Linux includes this open‑source library and is therefore potentially affected” is a product‑scoped attestation, not...

The Linux kernel received a defensive patch in April 2024 closing a dangerous input‑validation gap in the in‑kernel SMB server (ksmbd) that let a malicious userspace component return malformed IPC replies, potentially causing kernel memory corruption and service‑stopping crashes. Background /...

Microsoft’s short advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate as a product‑level attestation — but it is not a technical guarantee that no other Microsoft product can include the same vulnerable ksmbd code; customers must treat...

A new Linux-kernel patch closes a narrow but dangerous race in the in‑kernel SMB server (ksmbd) that could lead to a kernel use‑after‑free (UAF) in ipc_msg_send_request. The upstream fix changes how ksmbd validates and frees generic‑netlink reply buffers by taking the global ipc_msg_table_lock...

A subtle kernel memory-management bug in the Linux SMB server code — tracked as CVE-2025-40286 — has been fixed upstream after maintainers closed a code path that could leak kernel memory when a read operation fails; administrators running Linux systems that act as SMB clients or servers should...

A small but important kernel fix landed this week to close CVE‑2025‑40285 — a reference‑counting bug in the Linux kernel’s in‑kernel SMB server that could leak a ksmbd session object when a session reconnects. The patch adds a missing ksmbd_user_session_put in smb2_sess_setup, closing a race /...