CVE-2025-68295
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix memory leak in cifs_construct_tcon() When having a multiuser mount with domain= specified and using cifscreds, cifs_set_cifscreds() will end up setting @ctx->domainname, so it needs to be freed before leaving cifs_construct_tcon(). This fixes the following memory leak reported by kmemleak: mount.cifs //srv/share /mnt -o domain=ZELDA,multiuser,... su - testuser cifscreds add -d ZELDA -u testuser ... ls /mnt/1 ... umount /mnt echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak unreferenced object 0xffff8881203c3f08 (size 8): comm "ls", pid 5060, jiffies 4307222943 hex dump (first 8 bytes): 5a 45 4c 44 41 00 cc cc ZELDA... backtrace (crc d109a8cf): __kmalloc_node_track_caller_noprof+0x572/0x710 kstrdup+0x3a/0x70 cifs_sb_tlink+0x1209/0x1770 [cifs] cifs_get_fattr+0xe1/0xf50 [cifs] cifs_get_inode_info+0xb5/0x240 [cifs] cifs_revalidate_dentry_attr+0x2d1/0x470 [cifs] cifs_getattr+0x28e/0x450 [cifs] vfs_getattr_nosec+0x126/0x180 vfs_statx+0xf6/0x220 do_statx+0xab/0x110 __x64_sys_statx+0xd5/0x130 do_syscall_64+0xbb/0x380 entry_SYSCALL_64_after_hwframe+0x77/0x7f
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-12-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-68295
EUVD
EUVD-2025-203785
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's SMB client code, specifically in the function cifs_construct_tcon(). When using a multiuser mount with a specified domain and cifscreds, the function cifs_set_cifscreds() sets the domain name in the context structure without freeing it properly before exiting cifs_construct_tcon(), causing a memory leak.


How can this vulnerability impact me? :

The memory leak can cause increased memory usage over time when using multiuser CIFS mounts with domain credentials, potentially leading to resource exhaustion or degraded system performance.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by using the kmemleak debugging tool in the Linux kernel. The following commands can be used to detect the memory leak related to this vulnerability: 1. Mount the CIFS share with multiuser and domain options: mount.cifs //srv/share /mnt -o domain=ZELDA,multiuser 2. Switch to a test user: su - testuser 3. Add CIFS credentials: cifscreds add -d ZELDA -u testuser 4. Access the mounted share: ls /mnt/1 5. Unmount the share: umount /mnt 6. Trigger kmemleak scan: echo scan > /sys/kernel/debug/kmemleak 7. Check kmemleak output: cat /sys/kernel/debug/kmemleak If unreferenced objects related to the domain name appear, it indicates the presence of the memory leak vulnerability.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where this vulnerability is fixed. The fix addresses the memory leak in cifs_construct_tcon() by properly freeing the domain name set by cifs_set_cifscreds(). Until the update is applied, avoid using multiuser mounts with the domain option and cifscreds, or monitor and manage memory usage carefully.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart