CVE-2025-40320

EPSS 0.02%
Veröffentlicht 08.12.2025 00:46:47
Zuletzt bearbeitet 08.12.2025 18:26:19
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential cfid UAF in smb2_query_info_compound

When smb2_query_info_compound() retries, a previously allocated cfid may
have been freed in the first attempt.
Because cfid wasn't reset on replay, later cleanup could act on a stale
pointer, leading to a potential use-after-free.

Reinitialize cfid to NULL under the replay label.

Example trace (trimmed):

refcount_t: underflow; use-after-free.
WARNING: CPU: 1 PID: 11224 at ../lib/refcount.c:28 refcount_warn_saturate+0x9c/0x110
[...]
RIP: 0010:refcount_warn_saturate+0x9c/0x110
[...]
Call Trace:
 <TASK>
 smb2_query_info_compound+0x29c/0x5c0 [cifs f90b72658819bd21c94769b6a652029a07a7172f]
 ? step_into+0x10d/0x690
 ? __legitimize_path+0x28/0x60
 smb2_queryfs+0x6a/0xf0 [cifs f90b72658819bd21c94769b6a652029a07a7172f]
 smb311_queryfs+0x12d/0x140 [cifs f90b72658819bd21c94769b6a652029a07a7172f]
 ? kmem_cache_alloc+0x18a/0x340
 ? getname_flags+0x46/0x1e0
 cifs_statfs+0x9f/0x2b0 [cifs f90b72658819bd21c94769b6a652029a07a7172f]
 statfs_by_dentry+0x67/0x90
 vfs_statfs+0x16/0xd0
 user_statfs+0x54/0xa0
 __do_sys_statfs+0x20/0x50
 do_syscall_64+0x58/0x80

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 939c4e33005e2a56ea8fcedddf0da92df864bd3b

Version 433042a91f9373241307725b52de573933ffedbf

Status affected

Version < 327f89c21601ebb7889f8c97754b76f08ce95a0c

Version 4f1fffa2376922f3d1d506e49c0fd445b023a28e

Status affected

Version < b556c278d43f4707a9073ca74d55581b4f279806

Version 4f1fffa2376922f3d1d506e49c0fd445b023a28e

Status affected

Version < 5c76f9961c170552c1d07c830b5e145475151600

Version 4f1fffa2376922f3d1d506e49c0fd445b023a28e

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.8

Status affected

Version < 6.8

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.117

Status unaffected

Version <= 6.12.*

Version 6.12.58

Status unaffected

Version <= 6.17.*

Version 6.17.8

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/939c4e33005e2a56ea8fcedddf0da92df864bd3b

https://git.kernel.org/stable/c/327f89c21601ebb7889f8c97754b76f08ce95a0c

https://git.kernel.org/stable/c/b556c278d43f4707a9073ca74d55581b4f279806

https://git.kernel.org/stable/c/5c76f9961c170552c1d07c830b5e145475151600

https://nvd.nist.gov/vuln/detail/CVE-2025-40320

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40320

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40320

EUVD