CVE-2025-40103

medium

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successful calls to `cifs_sb_tlink()`. Three calls fail to update refcount accordingly, leading to possible resource leaks.

References

https://git.kernel.org/stable/c/e15605b68b490186da2ad8029c0351a9cfb0b9af

https://git.kernel.org/stable/c/d7dd034c14928306db1b46be277ae439b84dacf9

https://git.kernel.org/stable/c/c2b77f42205ef485a647f62082c442c1cd69d3fc

https://git.kernel.org/stable/c/896bb31e1416f582503db1350cf1bd10dc64e5a6

https://git.kernel.org/stable/c/790282abe9d805f08618c1c24ea2529e7259b692

Details

Source: Mitre, NVD

Published: 2025-10-30

Updated: 2025-10-30

Risk Information

CVSS v2

Base Score: 6.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018