Session Management Issue in Linux Kernel's SMB Server by Microsoft
CVE-2025-40285

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 6 December 2025

What is CVE-2025-40285?

A vulnerability within the Linux kernel's SMB server was identified, where a reference count leak could occur in the ksmbd_session upon session reconnection. This issue arises from the failure to properly decrement the reference count when a session needs to be re-established, potentially leading to resource exhaustion over time. The problem has been addressed by implementing a call to ksmbd_user_session_put(), ensuring that references are correctly managed and preventing leaks that could affect system performance and stability.
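The leak pattern described above, as an added user-space model that is not the kernel's ksmbd code: a lookup takes a reference, and the reconnect branch abandons the session without the matching put. The struct, the helper names and the 1000-iteration run are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdbool.h>

/* Hypothetical model of a reference-counted session (not the kernel struct). */
struct session {
    int  refcnt;           /* references currently held */
    bool needs_reconnect;  /* connection must re-establish the session */
};

static struct session *session_get(struct session *s) { s->refcnt++; return s; }
static void session_put(struct session *s) { s->refcnt--; }

/* Before the fix: the reconnect branch drops the pointer, not the reference. */
static void setup_leaky(struct session *s)
{
    struct session *sess = session_get(s);   /* lookup takes a reference */
    if (sess->needs_reconnect) {
        sess = NULL;                         /* reference is never returned */
        return;
    }
    session_put(sess);
}

/* After the fix: the lookup reference is put before the session is abandoned. */
static void setup_fixed(struct session *s)
{
    struct session *sess = session_get(s);
    if (sess->needs_reconnect) {
        session_put(sess);                   /* balance the lookup */
        sess = NULL;
        return;
    }
    session_put(sess);
}

/* Run n reconnect attempts, drop the owner's reference, and return what is
 * left. Any value above 0 means the session could never be freed. */
static int leaked_refs(void (*setup)(struct session *), int n)
{
    struct session s = { .refcnt = 1, .needs_reconnect = true };
    for (int i = 0; i < n; i++)
        setup(&s);
    session_put(&s);                         /* owner teardown */
    return s.refcnt;
}

int main(void)
{
    printf("leaky: %d leaked, fixed: %d leaked\n",
           leaked_refs(setup_leaky, 1000), leaked_refs(setup_fixed, 1000));
    return 0;
}
```

Each reconnect attempt in the leaky variant pins the session one reference further from zero, which is how repeated reconnections turn into resource exhaustion.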

Affected Version(s)

Linux 37a0e2b362b3150317fb6e2139de67b1e29ae5ff < 6fc935f798d44a8eb8a5e6659198399fbf57b981

Linux 450a844c045ff0895d41b05a1cbe8febd1acfcfd

Linux a39e31e22a535d47b14656a7d6a893c7f6cf758c

Timeline

  • Vulnerability published

  • Vulnerability Reserved