Main Vulnerability Database Vulnerabilities #VU114901

Memory leak in Linux kernel - CVE-2025-39720

Published: September 8, 2025

Vulnerability identifier: #VU114901

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-39720

CWE-ID: CWE-401

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the smb_send_parent_lease_break_noti(), smb_lazy_parent_lease_break_close() and smb_break_all_levII_oplock() functions in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.

How to mitigate CVE-2025-39720

Install update from vendor's repository.

Sources

https://git.kernel.org/stable/c/36e010bb865fbaa1202fe9bcce3fd486d6db7606
https://git.kernel.org/stable/c/89bb430f621124af39bb31763c4a8b504c9651e2
https://git.kernel.org/stable/c/9a7abce6e8c0e2145b346a6d4abf0d9655e9b0e8
https://git.kernel.org/stable/c/a1d2bab4d53368a526c97aba92671dd71814f95a

Memory leak in Linux kernel - CVE-2025-39720

Detailed vulnerability description

How to mitigate CVE-2025-39720

Sources

Please verify you're human