Refcount Leak Vulnerability in Linux Kernel's ksmbd Service
CVE-2025-39720

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-39720?

A refcount leak has been detected in the ksmbd service of the Linux kernel, which prevents proper resource deallocation. When the ksmbd_conn_releasing function indicates a connection is being released, the reference count is not decremented as intended. This leads to a situation where the reference count does not reach zero, resulting in memory resources remaining allocated and potentially causing resource exhaustion over time. It is crucial for users and administrators to address this vulnerability to secure their systems against unintended behavior and performance degradation.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 36e010bb865fbaa1202fe9bcce3fd486d6db7606

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9a7abce6e8c0e2145b346a6d4abf0d9655e9b0e8

References

https://git.kernel.org/stable/c/a1d2bab4d53368a526c97aba9...

https://git.kernel.org/stable/c/36e010bb865fbaa1202fe9bcc...

https://git.kernel.org/stable/c/9a7abce6e8c0e2145b346a6d4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Apr 16, 2025