5.5
CVE-2025-39929
- EPSS 0.14%
- Veröffentlicht 04.10.2025 07:30:55
- Zuletzt bearbeitet 12.05.2026 13:17:17
- CVE-Watchlists
- Unerledigt
smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path During tests of another unrelated patch I was able to trigger this error: Objects remaining on __kmem_cache_shutdown()
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.16 < 6.1.154
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.108
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.49
Linux ≫ Linux Kernel Version >= 6.13 < 6.16.9
Linux ≫ Linux Kernel Version6.17 Updaterc1
Linux ≫ Linux Kernel Version6.17 Updaterc2
Linux ≫ Linux Kernel Version6.17 Updaterc3
Linux ≫ Linux Kernel Version6.17 Updaterc4
Linux ≫ Linux Kernel Version6.17 Updaterc5
Linux ≫ Linux Kernel Version6.17 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.035 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/3d7c075c878ac844e33c43e506c2fa27ac7e9689
https://git.kernel.org/stable/c/e7b7a93879558e77d950f1ff9a6f3daa385b33df
https://git.kernel.org/stable/c/922338efaad63cfe30d459dfc59f9d69ff93ded4
https://git.kernel.org/stable/c/0991418bf98f191d0c320bd25245fcffa1998c7e
https://git.kernel.org/stable/c/daac51c7032036a0ca5f1aa419ad1b0471d1c6e0
https://cert-portal.siemens.com/productcert/html/ssa-082556.html