Memory Management Vulnerability in Linux Kernel Affecting SMB Protocols
CVE-2025-39932

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 October 2025

What is CVE-2025-39932?

A memory management vulnerability has been identified in the Linux kernel impacting SMB protocols. The issue arises during the execution of the smbd_destroy() function, which fails to adequately manage the lifecycle of pending work items related to memory deallocation. Specifically, the post_send_credits_work may still be active when memory is destroyed, potentially leading to access violations or crashes. This flaw highlights the importance of proper synchronization in memory management operations within kernel processes, ensuring that all asynchronous workflows are completed before proceeding with memory deallocation.

Affected Version(s)

Linux f198186aa9bbd60fae7a2061f4feec614d880299 < 6ae90a2baf923e85eb037b636aa641250bf4220f

Linux f198186aa9bbd60fae7a2061f4feec614d880299 < 3fabb1236f2e3ad78d531be0a4ad9f4a4ccdda87

Linux f198186aa9bbd60fae7a2061f4feec614d880299

References

https://git.kernel.org/stable/c/6ae90a2baf923e85eb037b636...

https://git.kernel.org/stable/c/3fabb1236f2e3ad78d531be0a...

https://git.kernel.org/stable/c/d9dcbbcf9145b68aa85c40947...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON