-

CVE-2025-68295

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix memory leak in cifs_construct_tcon()

When having a multiuser mount with domain= specified and using
cifscreds, cifs_set_cifscreds() will end up setting @ctx->domainname,
so it needs to be freed before leaving cifs_construct_tcon().

This fixes the following memory leak reported by kmemleak:

  mount.cifs //srv/share /mnt -o domain=ZELDA,multiuser,...
  su - testuser
  cifscreds add -d ZELDA -u testuser
  ...
  ls /mnt/1
  ...
  umount /mnt
  echo scan > /sys/kernel/debug/kmemleak
  cat /sys/kernel/debug/kmemleak
  unreferenced object 0xffff8881203c3f08 (size 8):
    comm "ls", pid 5060, jiffies 4307222943
    hex dump (first 8 bytes):
      5a 45 4c 44 41 00 cc cc                          ZELDA...
    backtrace (crc d109a8cf):
      __kmalloc_node_track_caller_noprof+0x572/0x710
      kstrdup+0x3a/0x70
      cifs_sb_tlink+0x1209/0x1770 [cifs]
      cifs_get_fattr+0xe1/0xf50 [cifs]
      cifs_get_inode_info+0xb5/0x240 [cifs]
      cifs_revalidate_dentry_attr+0x2d1/0x470 [cifs]
      cifs_getattr+0x28e/0x450 [cifs]
      vfs_getattr_nosec+0x126/0x180
      vfs_statx+0xf6/0x220
      do_statx+0xab/0x110
      __x64_sys_statx+0xd5/0x130
      do_syscall_64+0xbb/0x380
      entry_SYSCALL_64_after_hwframe+0x77/0x7f
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < ff8f9bd1c46ee02d5558293915d42e82646d5ee9
Version f2aee329a68f5a907bcff11a109dfe17c0b41aeb
Status affected
Version < d146e96fef876492979658dce644305de35878d4
Version f2aee329a68f5a907bcff11a109dfe17c0b41aeb
Status affected
Version < 3dd546e867e94c2f954bca45a961b6104ba708b6
Version f2aee329a68f5a907bcff11a109dfe17c0b41aeb
Status affected
Version < f62ffdfb431bdfa4b6d24233b7fd830eca0b801e
Version f2aee329a68f5a907bcff11a109dfe17c0b41aeb
Status affected
Version < f15288c137d960836277d0e3ecc62de68e52f00f
Version f2aee329a68f5a907bcff11a109dfe17c0b41aeb
Status affected
Version < a67e91d5f446e455dd9201cdd6e865f7078d251d
Version f2aee329a68f5a907bcff11a109dfe17c0b41aeb
Status affected
Version < 3184b6a5a24ec9ee74087b2a550476f386df7dc2
Version f2aee329a68f5a907bcff11a109dfe17c0b41aeb
Status affected
Version 1456d3cea31114137fabf1110d20a2e2c6d6060f
Status affected
Version 16764d7486d02b1699ae16e91d7a577602398b17
Status affected
Version 904847402bd74a28164bd4d8da082d1eace7c190
Status affected
Version 325fa2a6729b74b2806b31725940cb54658515e5
Status affected
Version 8db988a982908b7bff76e095000adabf9c29698b
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.3
Status affected
Version < 5.3
Version 0
Status unaffected
Version <= 5.10.*
Version 5.10.247
Status unaffected
Version <= 5.15.*
Version 5.15.197
Status unaffected
Version <= 6.1.*
Version 6.1.159
Status unaffected
Version <= 6.6.*
Version 6.6.119
Status unaffected
Version <= 6.12.*
Version 6.12.61
Status unaffected
Version <= 6.17.*
Version 6.17.11
Status unaffected
Version <= *
Version 6.18
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.191
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.