CVE-2025-71220
Unknown Unknown - Not Provided
Improper Error Handling in Linux ksmbd Causes Resource Leak

Publication date: 2026-02-14

Last updated on: 2026-03-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-02-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-71220
EUVD
EUVD-2025-206990
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.7 (inc) to 6.12.70 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.10 (exc)
linux linux_kernel From 5.15.145 (inc) to 5.15.200 (exc)
linux linux_kernel From 6.1.71 (inc) to 6.1.163 (exc)
linux linux_kernel From 6.6 (inc) to 6.6.124 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's SMB server implementation. Specifically, when the function ksmbd_iov_pin_rsp() fails during the creation of an SMB2 pipe, the error handling path does not properly call ksmbd_session_rpc_close(). This missing call could lead to improper session closure or resource management issues.

Impact Analysis

If the error path in create_smb2_pipe() does not call ksmbd_session_rpc_close() when ksmbd_iov_pin_rsp() fails, it may result in improper cleanup of SMB sessions. This could potentially lead to resource leaks or unstable SMB server behavior, which might affect system reliability or security.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71220. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart