CVE-2025-40286
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-06
Last updated on: 2025-12-08
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix possible memory leak in smb2_read()
Memory leak occurs when ksmbd_vfs_read() fails.
Fix this by adding the missing kvfree().
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's SMB server component. Specifically, it occurs in the smb2_read() function when the ksmbd_vfs_read() call fails. The issue is due to a missing kvfree() call, which leads to allocated memory not being freed properly.
How can this vulnerability impact me? :
The memory leak can cause increased memory usage on the affected system, potentially leading to degraded performance or system instability over time if exploited or triggered repeatedly.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70