CVE-2025-40103

low

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successful calls to `cifs_sb_tlink()`. Three calls fail to update refcount accordingly, leading to possible resource leaks.

References

https://git.kernel.org/stable/c/e15605b68b490186da2ad8029c0351a9cfb0b9af

https://git.kernel.org/stable/c/d7dd034c14928306db1b46be277ae439b84dacf9

https://git.kernel.org/stable/c/c2b77f42205ef485a647f62082c442c1cd69d3fc

https://git.kernel.org/stable/c/896bb31e1416f582503db1350cf1bd10dc64e5a6

https://git.kernel.org/stable/c/790282abe9d805f08618c1c24ea2529e7259b692

Details

Source: Mitre, NVD

Published: 2025-10-30

Updated: 2025-10-30

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Severity: Low

EPSS

EPSS: 0.00018