CVE-2025-21673

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 31, 2025

Updated: Feb 4, 2025

CWE ID 415

Summary

CVE-2025-21673 is a vulnerability affecting the Linux kernel that stems from a double free issue in the smb (Server Message Block) module. Specifically, in the function cifs_put_tcp_session(), the TCP_Server_Info::hostname may not be properly freed, leading to memory corruption. This occurs when the cifsd thread reconnects to multiple DFS targets before realizing it should exit the loop. The consequences of this vulnerability can result in arbitrary code execution, as seen in the provided call trace. The issue was resolved with the fix in the Linux kernel.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/28zyNA
https://www.cve.org/CVERecord?id=CVE-2025-21673
https://nvd.nist.gov/vuln/detail/CVE-2025-21673

Back to Vulnerability Database

CVE-2025-21673

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations