SB20250520129 - Memory leak in Linux kernel SMB server
Published: May 20, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2025-37962)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the parse_lease_state() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/2148d34371b06dac696c0497a98a6bf905a51650
- https://git.kernel.org/stable/c/829e19ef741d9e9932abdc3bee5466195e0852cf
- https://git.kernel.org/stable/c/af9e2d4732a548db8f6f5a90c2c20a789a3d7240
- https://git.kernel.org/stable/c/eb4447bcce915b43b691123118893fca4f372a8f
- https://git.kernel.org/stable/c/facf22c1a394c1e023dab5daf9a494f722771e1c