Resource Leak in Linux Kernel Caused by CIFS Client Refcount Issues
CVE-2025-40103

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-40103?

The Linux kernel has been identified with a vulnerability related to CIFS client refcount inconsistencies. Specifically, the issue arises from three missing updates to the reference count of 'cifs_sb_tlink', which can result in resource leaks. Proper management of the reference count is crucial to prevent potential system resource exhaustion. Developers are encouraged to ensure that the function 'cifs_put_tlink()' is called accurately after utilizing 'cifs_sb_tlink()' to mitigate the risk of these leaks.

Affected Version(s)

Linux 8ceb984379462f94bdebef3288d569c6e1f912ea < 790282abe9d805f08618c1c24ea2529e7259b692

Linux 8ceb984379462f94bdebef3288d569c6e1f912ea

References

https://git.kernel.org/stable/c/790282abe9d805f08618c1c24...

https://git.kernel.org/stable/c/d7dd034c14928306db1b46be2...

https://git.kernel.org/stable/c/e15605b68b490186da2ad8029...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Apr 16, 2025

JSON