VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-xmh8-sgwc-g7bd

Essentials
Severities (11)
References (17)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xmh8-sgwc-g7bd
Aliases	CVE-2025-21673
Summary	kernel: smb: client: fix double free of TCP_Server_Info::hostname
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-415

Double Free

System	Score	Found at
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21673.json
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2025-21673
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2025-21673
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2025-21673
cvssv3.1	6.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.5	https://git.kernel.org/stable/c/1ea68070338518a1d31ce71e6abfe1b30001b27a
ssvc	Track	https://git.kernel.org/stable/c/1ea68070338518a1d31ce71e6abfe1b30001b27a
cvssv3.1	5.5	https://git.kernel.org/stable/c/a2be5f2ba34d0c6d5ef2624b24e3d852561fcd6a
ssvc	Track	https://git.kernel.org/stable/c/a2be5f2ba34d0c6d5ef2624b24e3d852561fcd6a
cvssv3.1	5.5	https://git.kernel.org/stable/c/fa2f9906a7b333ba757a7dbae0713d8a5396186e
ssvc	Track	https://git.kernel.org/stable/c/fa2f9906a7b333ba757a7dbae0713d8a5396186e

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21673.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-21673
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1ea68070338518a1d31ce71e6abfe1b30001b27a		https://git.kernel.org/stable/c/1ea68070338518a1d31ce71e6abfe1b30001b27a
2343184		https://bugzilla.redhat.com/show_bug.cgi?id=2343184
a2be5f2ba34d0c6d5ef2624b24e3d852561fcd6a		https://git.kernel.org/stable/c/a2be5f2ba34d0c6d5ef2624b24e3d852561fcd6a
fa2f9906a7b333ba757a7dbae0713d8a5396186e		https://git.kernel.org/stable/c/fa2f9906a7b333ba757a7dbae0713d8a5396186e
USN-7445-1		https://usn.ubuntu.com/7445-1/
USN-7448-1		https://usn.ubuntu.com/7448-1/
USN-7595-1		https://usn.ubuntu.com/7595-1/
USN-7595-2		https://usn.ubuntu.com/7595-2/
USN-7595-3		https://usn.ubuntu.com/7595-3/
USN-7595-4		https://usn.ubuntu.com/7595-4/
USN-7595-5		https://usn.ubuntu.com/7595-5/
USN-7596-1		https://usn.ubuntu.com/7596-1/
USN-7596-2		https://usn.ubuntu.com/7596-2/
USN-7653-1		https://usn.ubuntu.com/7653-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21673.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/1ea68070338518a1d31ce71e6abfe1b30001b27a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:08Z/ Found at https://git.kernel.org/stable/c/1ea68070338518a1d31ce71e6abfe1b30001b27a

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/a2be5f2ba34d0c6d5ef2624b24e3d852561fcd6a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:08Z/ Found at https://git.kernel.org/stable/c/a2be5f2ba34d0c6d5ef2624b24e3d852561fcd6a

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/fa2f9906a7b333ba757a7dbae0713d8a5396186e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:08Z/ Found at https://git.kernel.org/stable/c/fa2f9906a7b333ba757a7dbae0713d8a5396186e

Exploit Prediction Scoring System (EPSS)

Percentile	0.04777
EPSS Score	0.00018
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:49:29.088228+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21673.json	38.6.0