Session Management Issue in Linux Kernel's SMB Server by Microsoft
CVE-2025-40285
Currently unrated
What is CVE-2025-40285?
A vulnerability within the Linux kernel's SMB server was identified, where a reference count leak could occur in the ksmbd_session upon session reconnection. This issue arises from the failure to properly decrement the reference count when a session needs to be re-established, potentially leading to resource exhaustion over time. The problem has been addressed by implementing a call to ksmbd_user_session_put(), ensuring that references are correctly managed and preventing leaks that could affect system performance and stability.
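A simplified userspace model of the leak described above, added here as an illustration and not taken from the kernel source. All struct and function names are hypothetical stand-ins, with `session_put()` playing the role of ksmbd_user_session_put().

```c
#include <stdio.h>

/* Simplified userspace model; names are hypothetical stand-ins,
 * not the kernel's ksmbd definitions. */
struct session {
    int refcnt;   /* starts at 1: the reference held by the session table */
    int freed;    /* set when the last reference is dropped */
};

static struct session *session_get(struct session *s) { s->refcnt++; return s; }

/* Drop one reference; the object is released only when the count hits 0. */
static void session_put(struct session *s)
{
    if (--s->refcnt == 0)
        s->freed = 1;
}

/* Session setup that bails out when the connection needs to reconnect.
 * put_on_reconnect = 0 models the leak, 1 models the corrected path. */
static int sess_setup(struct session *s, int need_reconnect, int put_on_reconnect)
{
    struct session *ref = session_get(s);   /* lookup takes a reference */

    if (need_reconnect) {
        if (put_on_reconnect)
            session_put(ref);               /* balanced early exit */
        return -1;                          /* without the put, ref leaks */
    }
    session_put(ref);                       /* normal path drops it */
    return 0;
}

/* Run n reconnect attempts, then drop the table's own reference.
 * Returns references still outstanding (0 means the session was freed). */
static int leaked_refs(int n, int put_on_reconnect)
{
    struct session s = { .refcnt = 1, .freed = 0 };
    for (int i = 0; i < n; i++)
        sess_setup(&s, 1, put_on_reconnect);
    session_put(&s);                        /* session table teardown */
    return s.refcnt;
}

int main(void)
{
    printf("leaky path: %d refs outstanding\n", leaked_refs(1000, 0));
    printf("fixed path: %d refs outstanding\n", leaked_refs(1000, 1));
    return 0;
}
```

In the leaky variant every reconnect attempt leaves one reference behind, so the count never reaches zero and the session object is never released, which is the resource-exhaustion effect the description refers to.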
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6fc935f798d44a8eb8a5e6659198399fbf57b981
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2