Use-After-Free Vulnerability in Linux Kernel SMB Client
CVE-2025-40320
What is CVE-2025-40320?
A vulnerability in the Linux kernel's SMB client could lead to a use-after-free condition during file operation retries. Specifically, when the smb2_query_info_compound() function retries (replays) a request, a client identifier (cfid) allocated on the first attempt may already have been freed during that attempt. Because cfid is not reset before the replay, the cleanup that follows the retry can dereference the dangling pointer, risking memory corruption or a kernel crash. The issue has been addressed by reinitializing cfid to NULL during the replay, so the later cleanup no longer operates on a stale pointer.
Affected Version(s)
Linux: from commit 433042a91f9373241307725b52de573933ffedbf up to, but not including, commit 939c4e33005e2a56ea8fcedddf0da92df864bd3b
Linux: from commit 4f1fffa2376922f3d1d506e49c0fd445b023a28e up to, but not including, commit 327f89c21601ebb7889f8c97754b76f08ce95a0c
Linux: from commit 4f1fffa2376922f3d1d506e49c0fd445b023a28e (no fixed commit listed for this range)