Main Vulnerability Database SB2025042229

SB2025042229 - Memory leak in Linux kernel smb client

Published: April 22, 2025 Updated: May 11, 2025

Security Bulletin ID SB2025042229

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2025-22077)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the clean_demultiplex_info(), cifs_get_tcp_session(), cifs_crypto_secmech_release(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/95d2b9f693ff2a1180a23d7d59acc0c4e72f4c41
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.25
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88