CVE-2025-40328
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free (UAF) issue in the Linux kernel's SMB client code. Specifically, in the function smb2_close_cached_fid(), the object's reference count can drop to zero, and in the gap before the lock (cfid_list_lock) is acquired, another reference to the object might be grabbed even though the object is about to be freed. This timing gap can lead to accessing memory that has already been freed, causing undefined behavior or potential exploitation. The fix changes the code to hold the lock during the reference count decrement, which closes this race condition.
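The ordering problem described above can be reproduced in a small user-space model. This is an added illustration, not the kernel's code or the upstream patch; every name in it (obj, list_slot, put_unlocked, put_locked, the window hook) is hypothetical, and the hook runs a concurrent lookup at a fixed point so the interleaving is deterministic.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* User-space model with hypothetical names; this is not kernel code. */
struct obj { atomic_int refs; bool freed; /* freed stands in for kfree() */ };

static atomic_flag list_lock = ATOMIC_FLAG_INIT; /* models cfid_list_lock */
static struct obj *list_slot;  /* one-entry list, guarded by list_lock */
static struct obj *racer_ref;  /* what the concurrent lookup obtained */
static void lock(void)   { while (atomic_flag_test_and_set(&list_lock)) { } }
static void unlock(void) { atomic_flag_clear(&list_lock); }

/* Lookup path: find the object on the list and take a reference. */
static void racer_lookup(void) {
    lock();
    racer_ref = list_slot;
    if (racer_ref) atomic_fetch_add(&racer_ref->refs, 1);
    unlock();
}

/* Before: the count reaches zero first, the lock is taken afterwards. */
void put_unlocked(struct obj *o, void (*window)(void)) {
    if (atomic_fetch_sub(&o->refs, 1) != 1) return;
    if (window) window();        /* another thread runs in the gap */
    lock();
    list_slot = NULL;
    unlock();
    o->freed = true;             /* the lookup's reference now dangles */
}

/* After: the decrement that may reach zero happens under the lock. */
void put_locked(struct obj *o, void (*window)(void)) {
    if (window) window();        /* same lookup, last moment before the lock */
    lock();
    bool last = atomic_fetch_sub(&o->refs, 1) == 1;
    if (last) list_slot = NULL;  /* unlinked before any lookup can find it */
    unlock();
    if (last) o->freed = true;
}

/* True if the concurrent lookup ended up holding a freed object. */
bool lookup_holds_freed(void (*put)(struct obj *, void (*)(void))) {
    struct obj o = { .refs = 1, .freed = false };
    list_slot = &o; racer_ref = NULL;
    put(&o, racer_lookup);
    list_slot = NULL;
    return racer_ref == &o && o.freed;
}
```

With put_unlocked the lookup raises the count from zero and keeps a pointer to an object that is then freed; with put_locked the same lookup either takes its reference before the final decrement, so the object survives, or finds the list already empty.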
How can this vulnerability impact me?
This use-after-free vulnerability could lead to system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges if exploited. This could compromise the security and reliability of systems running the affected Linux kernel SMB client.