CVE-2025-40286

Linux Kernel 5.15.0-6.1.158, 6.2.0-6.6.116, 6.7.0-6.12.58, 6.13.0-6.17.8 - Memory Leak in SMB Server Read Operation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible memory leak in smb2_read() Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree().

References (5)

Core 5

Core References

Patch

https://git.kernel.org/stable/c/0797c6cf3b857cc229ab2bc69552938dcd738d78

Patch

https://git.kernel.org/stable/c/63d8706a2c09a0c29b8b0e8a44bc7a1339685de9

Patch

https://git.kernel.org/stable/c/f1305587731886da37a214cda812ade246c653b0

Patch

https://git.kernel.org/stable/c/bfda5422a16651d0bf864ec468b1c216e1b10d91

Patch

https://git.kernel.org/stable/c/6fced056d2cc8d01b326e6fcfabaacb9850b71a4

Scores

EPSS 0.0006

EPSS Percentile 17.7%

Details

Status published

Products (16)

linux/Kernel 5.15.0 - 6.1.159linux

linux/Kernel 6.13.0 - 6.17.9linux

linux/Kernel 6.2.0 - 6.6.117linux

linux/Kernel 6.7.0 - 6.12.59linux

Linux/Linux < 5.15

Linux/Linux 5.15

Linux/Linux 6.1.159 - 6.1.*

Linux/Linux 6.12.59 - 6.12.*

Linux/Linux 6.17.9 - 6.17.*

Linux/Linux 6.18

... and 6 more

Published Dec 06, 2025

Tracked Since Feb 18, 2026