CVE-2025-71150

Jan. 23, 2026, 3:16 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2_SESSION_VALID, It indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. This patch fixes the issue by explicitly calling ksmbd_user_session_put to release the reference to the session.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/02e06785e85b4bd86ef3d23b7c8d87acc76773d5
https://git.kernel.org/stable/c/0fb87b28cafae71e9c8248432cc3a6a1fd759efc
https://git.kernel.org/stable/c/8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7
https://git.kernel.org/stable/c/cafb57f7bdd57abba87725eb4e82bbdca4959644
https://git.kernel.org/stable/c/e54fb2a4772545701766cba08aab20de5eace8cd

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-01-23
CVE-2025-71150

Timeline

Published: Jan. 23, 2026, 3:16 p.m.
Last Modified: Jan. 23, 2026, 3:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.