CVE-2025-40268Incomplete Cleanup in Linux

CWE-459Incomplete Cleanup33 documents7 sources
Severity
3.2LOWOSV
No vector
EPSS
0.0%
top 88.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedDec 6
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3_fs_context_parse_param The user calls fsconfig twice, but when the program exits, free() only frees ctx->source for the second fsconfig, not the first. Regarding fc->source, there is no code in the fs context related to its memory reclamation. To fix this memory leak, release the source memory corresponding to ctx or fc before each parsing. syzbot reported: BUG: memory leak unreferenced

Affected Packages6 packages

Linuxlinux/linux_kernel5.11.06.6.117+2
Debianlinux/linux_kernel< 6.12.63-1+1
Ubuntulinux/linux_kernel< 6.8.0-106.106+1
CVEListV5linux/linuxaf1a3d2ba9543e99d78914d8fb88b61d0531d9a1868fc62811d3fabcf5685e14f36377a855d5412d+4

🔴Vulnerability Details

16
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-aws-6.8 vulnerabilities2026-03-23
OSV
linux-realtime, linux-realtime-6.8 vulnerabilities2026-03-17

📋Vendor Advisories

16
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (AWS) vulnerabilities2026-03-23