Main Vulnerability Database SB2026022535

SB2026022535 - Ubuntu update for linux-realtime

Published: February 25, 2026

Security Bulletin ID SB2026022535

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2025-37899)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the smb2_session_logoff() function in fs/smb/server/smb2pdu.c. A remote attacker can send specially crafted data to the SMB client during session logoff and compromise the affected system.

2) NULL pointer dereference (CVE-ID: CVE-2025-22037)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_handle_negotiate(), alloc_preauth_hash(), smb2_sess_setup() and smb2_session_logoff() functions in fs/smb/server/smb2pdu.c, within the destroy_previous_session() function in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-8059-4