{"uuid": "2c63b8de-f1ac-4788-b46c-1e4630774df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21673", "type": "seen", "source": "https://t.me/cvedetector/16943", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21673 - Linux SMB Client Double Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21673 \nPublished : Jan. 31, 2025, 12:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nsmb: client: fix double free of TCP_Server_Info::hostname  \n  \nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread  \nmight be reconnecting to multiple DFS targets before it realizes it  \nshould exit the loop, so @server->hostname can't be freed as long as  \ncifsd thread isn't done.  Otherwise the following can happen:  \n  \n  RIP: 0010:__slab_free+0x223/0x3c0  \n  Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89  \n  1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff <0f0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80  \n  RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246  \n  RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068  \n  RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400  \n  RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000  \n  R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500  \n  R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068  \n  FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)  \n  000000  \n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \n  CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:  \n  PKRU: 55555554  \n  Call Trace:  \n     \n   ? show_trace_log_lvl+0x1c4/0x2df  \n   ? show_trace_log_lvl+0x1c4/0x2df  \n   ? __reconnect_target_unlocked+0x3e/0x160 [cifs]  \n   ? __die_body.cold+0x8/0xd  \n   ? die+0x2b/0x50  \n   ? do_trap+0xce/0x120  \n   ? __slab_free+0x223/0x3c0  \n   ? do_error_trap+0x65/0x80  \n   ? __slab_free+0x223/0x3c0  \n   ? exc_invalid_op+0x4e/0x70  \n   ? __slab_free+0x223/0x3c0  \n   ? asm_exc_invalid_op+0x16/0x20  \n   ? __slab_free+0x223/0x3c0  \n   ? extract_hostname+0x5c/0xa0 [cifs]  \n   ? extract_hostname+0x5c/0xa0 [cifs]  \n   ? __kmalloc+0x4b/0x140  \n   __reconnect_target_unlocked+0x3e/0x160 [cifs]  \n   reconnect_dfs_server+0x145/0x430 [cifs]  \n   cifs_handle_standard+0x1ad/0x1d0 [cifs]  \n   cifs_demultiplex_thread+0x592/0x730 [cifs]  \n   ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]  \n   kthread+0xdd/0x100  \n   ? __pfx_kthread+0x10/0x10  \n   ret_from_fork+0x29/0x50 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T15:22:41.000000Z"}