Memory Leak in Linux Kernel SMB Client Affects System Performance
CVE-2025-40268

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 December 2025

What is CVE-2025-40268?

A memory leak vulnerability has been identified in the SMB client of the Linux kernel, specifically within the smb3_fs_context_parse_param function. This issue arises during the parsing of parameters within fsconfig calls, where memory allocated for the first call is not properly released before the second call, leading to unreferenced memory objects. Without appropriate memory reclamation for both calls, system performance may degrade over time. Developers are urged to apply the latest patches that address this memory leak by ensuring all allocated memory is effectively freed before exiting the function.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 868fc62811d3fabcf5685e14f36377a855d5412d

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 48c17341577e25a22feb13d694374b61d974edbc

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4515743cc7a42e1d67468402a6420c195532a6fa

References

https://git.kernel.org/stable/c/868fc62811d3fabcf5685e14f...

https://git.kernel.org/stable/c/48c17341577e25a22feb13d69...

https://git.kernel.org/stable/c/4515743cc7a42e1d67468402a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2025
Vulnerability Reserved
Apr 16, 2025

JSON