CVE-2025-39819 — Missing Release of Resource after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 93.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 16
Latest updateApr 9
Description
In the Linux kernel, the following vulnerability has been resolved:
fs/smb: Fix inconsistent refcnt update
A possible inconsistent update of refcount was identified in `smb2_compound_op`.
Such inconsistent update could lead to possible resource leaks.
Why it is a possible bug:
1. In the comment section of the function, it clearly states that the
reference to `cfile` should be dropped after calling this function.
2. Every control flow path would check and drop the reference to
`cfile`, except …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linuxa7d5c294628088781da9e91cbb034d61c3a71f71 — 3fc11ff13fbc2749871d6ac2141685cf54699997+5
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-96wc-h5c4-3f6j: In the Linux kernel, the following vulnerability has been resolved:
fs/smb: Fix inconsistent refcnt update
A possible inconsistent update of refcoun↗2025-09-16
OSV▶
CVE-2025-39819: In the Linux kernel, the following vulnerability has been resolved: fs/smb: Fix inconsistent refcnt update A possible inconsistent update of refcount↗2025-09-16