smb: client: fix incomplete backport in cfids_invalidation_worker()
CVE-2025-68226

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68226?

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix incomplete backport in cfids_invalidation_worker()

The previous commit bdb596ceb4b7 ("smb: client: fix potential UAF in smb2_close_cached_fid()") was an incomplete backport and missed one kref_put() call in cfids_invalidation_worker() that should have been converted to close_cached_dir().

Affected Version(s)

Linux bdb596ceb4b7c3f28786a33840263728217fbcf5

Linux 6.17.8 < 6.17.10

References

https://git.kernel.org/stable/c/abd29b6e17a918fdd68352ce4...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-68226 : Linux Kernel Vulnerability in SMB Client Affecting Multiple Distributions