SB2025121649 - Memory leak in Linux kernel smb client
Published: December 16, 2025
Security Bulletin ID
SB2025121649
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2025-68295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_construct_tcon() function in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3184b6a5a24ec9ee74087b2a550476f386df7dc2
- https://git.kernel.org/stable/c/3dd546e867e94c2f954bca45a961b6104ba708b6
- https://git.kernel.org/stable/c/a67e91d5f446e455dd9201cdd6e865f7078d251d
- https://git.kernel.org/stable/c/d146e96fef876492979658dce644305de35878d4
- https://git.kernel.org/stable/c/f15288c137d960836277d0e3ecc62de68e52f00f
- https://git.kernel.org/stable/c/f62ffdfb431bdfa4b6d24233b7fd830eca0b801e
- https://git.kernel.org/stable/c/ff8f9bd1c46ee02d5558293915d42e82646d5ee9