CVE-2025-71220
Improper Error Handling in Linux ksmbd Causes Resource Leak
Publication date: 2026-02-14
Last updated on: 2026-03-19
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.7 (inc) to 6.12.70 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.10 (exc) |
| linux | linux_kernel | From 5.15.145 (inc) to 5.15.200 (exc) |
| linux | linux_kernel | From 6.1.71 (inc) to 6.1.163 (exc) |
| linux | linux_kernel | From 6.6 (inc) to 6.6.124 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's SMB server implementation. Specifically, when the function ksmbd_iov_pin_rsp() fails during the creation of an SMB2 pipe, the error handling path does not properly call ksmbd_session_rpc_close(). This missing call could lead to improper session closure or resource management issues.
How can this vulnerability impact me?
If the error path in create_smb2_pipe() does not call ksmbd_session_rpc_close() when ksmbd_iov_pin_rsp() fails, it may result in improper cleanup of SMB sessions. This could potentially lead to resource leaks or unstable SMB server behavior, which might affect system reliability or security.
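The missing cleanup described in the two answers above can be modelled in user space. This is an added example, not kernel code and not part of the original page: `rpc_open`, `rpc_close`, `pin_rsp`, `create_pipe` and the fixed-size handle table are hypothetical stand-ins, and it assumes the RPC handle is opened before the step that can fail.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_RPC 8                       /* constructed table size for this model */
struct session { int rpc_in_use[MAX_RPC]; };

/* Stand-in for opening a per-session RPC handle: returns a slot id or -1. */
static int rpc_open(struct session *s)
{
    for (int i = 0; i < MAX_RPC; i++)
        if (!s->rpc_in_use[i]) { s->rpc_in_use[i] = 1; return i; }
    return -1;
}

/* Stand-in for ksmbd_session_rpc_close(): releases the slot. */
static void rpc_close(struct session *s, int id) { s->rpc_in_use[id] = 0; }

/* Stand-in for ksmbd_iov_pin_rsp(): fails when the caller asks it to. */
static int pin_rsp(int fail) { return fail ? -ENOMEM : 0; }

static int open_handles(const struct session *s)
{
    int n = 0;
    for (int i = 0; i < MAX_RPC; i++) n += s->rpc_in_use[i];
    return n;
}

/* Model of the pipe-create path. fixed=0 returns on error without closing
 * the handle; fixed=1 closes it. On success the handle stays open. */
static int create_pipe(struct session *s, int fail_pin, int fixed)
{
    int id = rpc_open(s);
    if (id < 0) return -1;
    int err = pin_rsp(fail_pin);
    if (err && fixed)
        rpc_close(s, id);               /* the cleanup the error path lacked */
    return err;
}

/* Run n failing creates on a fresh session; return handles still allocated. */
static int leaked_after(int n, int fixed)
{
    struct session s;
    memset(&s, 0, sizeof s);
    for (int i = 0; i < n; i++) create_pipe(&s, 1, fixed);
    return open_handles(&s);
}

int main(void) { printf("no cleanup: %d, with cleanup: %d\n", leaked_after(5, 0), leaked_after(5, 1)); return 0; }
```

In the model, each failed create without the cleanup leaves one handle allocated until the table is full, while the corrected error path leaves none.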
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know