CVE-2025-21955

Advisory lineage Upstream: 0 Downstream: 22

Downstream

DEBIAN-CVE-2025-21955 MGASA-2025-0142 MGASA-2025-0146 UBUNTU-CVE-2025-21955 USN-7605-1 USN-7605-2

Analyzed

Published: 01 Apr 2025, 15:46

Last modified:11 May 2026, 21:09

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.02% LOW

0% probability -0.05%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Apr 2025, 15:46

Published

Vulnerability first disclosed

11 May 2026, 21:09

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent connection release during oplock break notification ksmbd_work could be freed when after connection release. Increment r_count of ksmbd_conn to indicate that requests are not finished yet and to not release the connection.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 4%

Affected Systems

linux•linux
≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < 09aeab68033161cb54f194da93e51a11aee6144b | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < a4261bbc33fbf99b99c80aa3a2c5097611802980 | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < f17d1c63a76b0fe8e9c78023a86507a3a6d62cfa | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < 3aa660c059240e0c795217182cf7df32909dd917 | 5.15
linux•linux_kernel
≥ 5.15, < 6.6.84 | ≥ 6.7, < 6.12.20 | ≥ 6.13, < 6.13.8 | 6.14:rc1 | 6.14:rc2 | 6.14:rc3 | 6.14:rc4 | 6.14:rc5 | 6.14:rc6