CVE-2025-40285

EPSS 0.06%
Veröffentlicht 06.12.2025 21:51:09
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

smb/server: fix possible refcount leak in smb2_sess_setup()

In the Linux kernel, the following vulnerability has been resolved:

smb/server: fix possible refcount leak in smb2_sess_setup()

Reference count of ksmbd_session will leak when session need reconnect.
Fix this by adding the missing ksmbd_user_session_put().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

CNA 2 VulnDex Vulnerability Enrichment 12

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 37a0e2b362b3150317fb6e2139de67b1e29ae5ff

Version < 6fc935f798d44a8eb8a5e6659198399fbf57b981

Status affected

Version 450a844c045ff0895d41b05a1cbe8febd1acfcfd

Version < e671f9bb97805771380c98de944e2ceab6949188

Status affected

Version a39e31e22a535d47b14656a7d6a893c7f6cf758c

Version < dcc51dfe6ff26b52cac106865a172ac982d78401

Status affected

Version b95629435b84b9ecc0c765995204a4d8a913ed52

Version < d37b2c81c83d6c0d5ca582f4fe73c672983f9e0d

Status affected

Version b95629435b84b9ecc0c765995204a4d8a913ed52

Version < 379510a815cb2e64eb0a379cb62295d6ade65df0

Status affected

Version 2107ab40629aeabbec369cf34b8cf0f288c3eb1b

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.13

Status affected

Version 0

Version < 6.13

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.117

Status unaffected

Version <= 6.12.*

Version 6.12.59

Status unaffected

Version <= 6.17.*

Version 6.17.9

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.175

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/6fc935f798d44a8eb8a5e6659198399fbf57b981

https://git.kernel.org/stable/c/e671f9bb97805771380c98de944e2ceab6949188

https://git.kernel.org/stable/c/dcc51dfe6ff26b52cac106865a172ac982d78401

https://git.kernel.org/stable/c/d37b2c81c83d6c0d5ca582f4fe73c672983f9e0d

https://git.kernel.org/stable/c/379510a815cb2e64eb0a379cb62295d6ade65df0

https://nvd.nist.gov/vuln/detail/CVE-2025-40285

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40285

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40285

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40285