CVE-2025-40320 smb: client: fix potential cfid UAF in smb2_query_info_compound

🗓️ 08 Dec 2025 00:46:47Reported by LinuxType

Linux kernel smb client fixes potential cfid use-after-free by resetting cfid on replay.

Reporter	Title	Published	Views	Family All 198
Tenable Nessus	Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1495)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : kernel (ALSA-2026:18134)	8 Jun 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20145-1)	4 Feb 202600:00	–	nessus
Tenable Nessus	Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50006)	14 Jan 202600:00	–	nessus
Tenable Nessus	RHEL 10 : kernel (RHSA-2026:18134)	19 May 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0278-1)	24 Jan 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0281-1)	27 Jan 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2026:0293-1)	27 Jan 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2026:0315-1)	30 Jan 202600:00	–	nessus
Tenable Nessus	SUSE SLES16 Security Update : kernel (SUSE-SU-2026:20220-1)	6 Feb 202600:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/smb/client/smb2ops.c"
    ],
    "versions": [
      {
        "version": "433042a91f9373241307725b52de573933ffedbf",
        "lessThan": "939c4e33005e2a56ea8fcedddf0da92df864bd3b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4f1fffa2376922f3d1d506e49c0fd445b023a28e",
        "lessThan": "327f89c21601ebb7889f8c97754b76f08ce95a0c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4f1fffa2376922f3d1d506e49c0fd445b023a28e",
        "lessThan": "b556c278d43f4707a9073ca74d55581b4f279806",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4f1fffa2376922f3d1d506e49c0fd445b023a28e",
        "lessThan": "5c76f9961c170552c1d07c830b5e145475151600",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6.6.32",
        "lessThan": "6.6.117",
        "status": "affected",
        "versionType": "semver"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/smb/client/smb2ops.c"
    ],
    "versions": [
      {
        "version": "6.8",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.8",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.117",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.58",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17.8",
        "lessThanOrEqual": "6.17.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/327f89c21601ebb7889f8c97754b76f08ce95a0c
git	www.git.kernel.org/stable/c/b556c278d43f4707a9073ca74d55581b4f279806
git	www.git.kernel.org/stable/c/5c76f9961c170552c1d07c830b5e145475151600
git	www.git.kernel.org/stable/c/939c4e33005e2a56ea8fcedddf0da92df864bd3b

23 May 2026 16:02Current

EPSS0.00156