Use-After-Free Vulnerability in Linux Kernel's SMB Client
CVE-2025-40328
What is CVE-2025-40328?
The Linux kernel's SMB client was found to have a use-after-free vulnerability. It arises when find_or_create_cached_dir() runs concurrently with smb2_close_cached_fid(): the lookup can obtain a reference to a cached directory object after its reference count has already dropped to zero, in the window before smb2_close_cached_fid() acquires cfid_list_lock. The object is then released while the lookup still holds a pointer to it. The fix switches the close path to kref_put_lock(), so that the final reference drop and the call to cfid_release() both happen while cfid_list_lock is held, closing the window in which a stale reference could be taken.
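The ordering problem described above, as an added single-threaded C model rather than the kernel's own code. The types and functions with a _model suffix, the "other CPU" hook and the share path are constructed for illustration; the two close functions contrast the pre-fix ordering (drop the reference, then take the lock) with the kref_put_lock() ordering (take the lock before the drop that can reach zero, and call release with the lock held).

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy single-threaded model of the refcount/lock ordering in this advisory.
 * Everything here is hypothetical; it is not the kernel's SMB client code. */

struct lock { int held; };
static void lock_acquire(struct lock *l) { l->held = 1; }
static void lock_release(struct lock *l) { l->held = 0; }

struct cached_dir {
    int refcount;
    bool freed;          /* set by release; touching the object afterwards is a use-after-free */
    char path[32];
};

static struct lock cfid_list_lock;      /* protects cfid_list */
static struct cached_dir *cfid_list;    /* one-entry stand-in for the cached directory list */

/* Lookup under the list lock. It takes a reference on whatever it finds and
 * has no way to tell that the refcount had already reached zero. */
static struct cached_dir *find_or_create_cached_dir_model(const char *path)
{
    lock_acquire(&cfid_list_lock);
    struct cached_dir *cfid = cfid_list;
    if (cfid == NULL || strcmp(cfid->path, path) != 0) {
        cfid = calloc(1, sizeof(*cfid));
        strncpy(cfid->path, path, sizeof(cfid->path) - 1);
        cfid->refcount = 0;
        cfid_list = cfid;
    }
    cfid->refcount++;
    lock_release(&cfid_list_lock);
    return cfid;
}

/* Final release: unlink and mark freed. Runs with cfid_list_lock held and drops it. */
static void cfid_release_model(struct cached_dir *cfid)
{
    if (cfid_list == cfid)
        cfid_list = NULL;
    cfid->freed = true;
    lock_release(&cfid_list_lock);
}

/* A hook standing in for "another CPU runs at this instant". */
typedef void (*interleave_fn)(void);

/* Before the fix: the reference is dropped first and the lock taken afterwards. */
static void close_cached_fid_racy(struct cached_dir *cfid, interleave_fn other_cpu)
{
    if (--cfid->refcount == 0) {
        if (other_cpu) other_cpu();         /* the window: refcount is 0, lock not yet held */
        lock_acquire(&cfid_list_lock);
        cfid_release_model(cfid);
    }
}

/* After the fix (kref_put_lock semantics): a decrement that can reach zero happens
 * only after cfid_list_lock is held, so release runs under the lock. */
static void close_cached_fid_fixed(struct cached_dir *cfid, interleave_fn other_cpu)
{
    if (cfid->refcount > 1) {               /* fast path: this drop cannot reach zero */
        cfid->refcount--;
        return;
    }
    if (other_cpu) other_cpu();             /* last point another CPU can run before we lock */
    lock_acquire(&cfid_list_lock);
    if (--cfid->refcount == 0)
        cfid_release_model(cfid);           /* called with the lock held, as kref_put_lock does */
    else
        lock_release(&cfid_list_lock);
}

static struct cached_dir *concurrent_ref;   /* reference obtained by the "other CPU" */
static void other_cpu_lookup(void) { concurrent_ref = find_or_create_cached_dir_model("\\share\\dir"); }

/* Returns 1 if the concurrently obtained reference points at a released object, else 0. */
static int run_scenario(void (*close_fn)(struct cached_dir *, interleave_fn))
{
    cfid_list = NULL;
    concurrent_ref = NULL;
    struct cached_dir *cfid = find_or_create_cached_dir_model("\\share\\dir"); /* constructed path */
    close_fn(cfid, other_cpu_lookup);       /* owner drops its reference while a lookup races in */
    int uaf = (concurrent_ref == cfid && concurrent_ref->freed) ? 1 : 0;
    if (!concurrent_ref->freed)             /* clean up: the racing holder drops its reference */
        close_fn(concurrent_ref, NULL);
    free(cfid);
    return uaf;
}

int scenario_racy(void)  { return run_scenario(close_cached_fid_racy); }
int scenario_fixed(void) { return run_scenario(close_cached_fid_fixed); }

int main(void)
{
    printf("pre-fix ordering: stale reference handed out = %d\n", scenario_racy());
    printf("kref_put_lock ordering: stale reference handed out = %d\n", scenario_fixed());
    return 0;
}
```

In the pre-fix path the lookup runs while the refcount is already zero and takes a reference to an object that is released a moment later; in the fixed path the only place the lookup can run is before the lock is taken, where the refcount is still one, so the drop lands on two and the object stays live.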
Affected Version(s)
Linux ebe98f1447bbccf8228335c62d86af02a0ed23f7
Linux ebe98f1447bbccf8228335c62d86af02a0ed23f7 < 065bd62412271a2d734810dd50336cae88c54427