Memory Leak Vulnerability in Linux Kernel smb2_read Function
CVE-2025-40286

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 6 December 2025

What is CVE-2025-40286?

A vulnerability has been identified in the Linux kernel's smb/server module, specifically within the smb2_read function, which could lead to a memory leak. This issue arises during the execution of ksmbd_vfs_read() when it fails to properly deallocate memory, resulting in potential resource exhaustion. The resolution adds a missing kvfree() call so that the memory is reclaimed, mitigating the risk of performance degradation and system instability. Users and administrators should apply the latest kernel updates to protect their systems.
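The following userspace model is an added example, not the kernel's code or the upstream patch: it shows how a read handler that returns early without releasing its buffer leaks one allocation per request, and how a single release call closes the leak. It assumes the leak sits on the path where the read helper returns an error; `model_alloc`, `model_free`, `model_vfs_read`, `model_smb2_read` and `leaked_after` are hypothetical names, and the error values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model (assumption): live_bufs counts outstanding buffers. */
static int live_bufs;

static void *model_alloc(size_t n) { void *p = calloc(1, n); if (p) live_bufs++; return p; }
static void model_free(void *p) { if (p) live_bufs--; free(p); }

/* Hypothetical stand-in for ksmbd_vfs_read(): bytes read, or negative on error. */
static long model_vfs_read(char *buf, size_t len, int fail)
{
    if (fail)
        return -5;              /* constructed error value, like -EIO */
    memset(buf, 'A', len);
    return (long)len;
}

/* Model of the read handler. free_on_error = 0 omits the release on the
 * failure path (leaky form); 1 performs it (the role kvfree() plays in the fix). */
static long model_smb2_read(size_t len, int fail, int free_on_error)
{
    char *buf = model_alloc(len);
    long nbytes;
    if (!buf)
        return -12;             /* constructed error value, like -ENOMEM */
    nbytes = model_vfs_read(buf, len, fail);
    if (nbytes < 0 && !free_on_error)
        return nbytes;          /* early return: buf is never released */
    model_free(buf);            /* success path, or patched error path */
    return nbytes;
}

/* Buffers still outstanding after `requests` failing reads. */
int leaked_after(int requests, int free_on_error)
{
    live_bufs = 0;
    for (int i = 0; i < requests; i++)
        model_smb2_read(4096, 1, free_on_error);
    return live_bufs;
}

int main(void)
{
    printf("unpatched: %d buffers leaked\n", leaked_after(100, 0));
    printf("patched:   %d buffers leaked\n", leaked_after(100, 1));
    return 0;
}
```

The leak grows linearly with the number of failing requests, which is why a missing release on an error path translates into resource exhaustion on a long-running server.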

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0797c6cf3b857cc229ab2bc69552938dcd738d78

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 63d8706a2c09a0c29b8b0e8a44bc7a1339685de9

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
