CVE-2025-40328 smb: client: fix potential UAF in smb2_close_cached_fid()

🗓️ 09 Dec 2025 04:09:44Reported by LinuxType

CVE-2025-40328: fix use-after-free in smb2_close_cached_fid by using kref_put_lock with cfid_list_lock.

Reporter	Title	Published	Views	Family All 201
Tenable Nessus	Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1468)	6 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1495)	30 Mar 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20145-1)	4 Feb 202600:00	–	nessus
Tenable Nessus	Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50006)	14 Jan 202600:00	–	nessus
Tenable Nessus	Photon OS 5.0: Linux PHSA-2026-5.0-0745	30 Jan 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2026:0293-1)	27 Jan 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2026:0447-1)	12 Feb 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0472-1)	13 Feb 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0587-1)	21 Feb 202600:00	–	nessus
Tenable Nessus	SUSE SLES16 Security Update : kernel (SUSE-SU-2026:20220-1)	6 Feb 202600:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/smb/client/cached_dir.c"
    ],
    "versions": [
      {
        "version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
        "lessThan": "cb52d9c86d70298de0ab7c7953653898cbc0efd6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
        "lessThan": "065bd62412271a2d734810dd50336cae88c54427",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
        "lessThan": "bdb596ceb4b7c3f28786a33840263728217fbcf5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
        "lessThan": "734e99623c5b65bf2c03e35978a0b980ebc3c2f8",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/smb/client/cached_dir.c"
    ],
    "versions": [
      {
        "version": "6.1",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.1",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.117",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.58",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17.8",
        "lessThanOrEqual": "6.17.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/cb52d9c86d70298de0ab7c7953653898cbc0efd6
git	www.git.kernel.org/stable/c/065bd62412271a2d734810dd50336cae88c54427
git	www.git.kernel.org/stable/c/734e99623c5b65bf2c03e35978a0b980ebc3c2f8
git	www.git.kernel.org/stable/c/bdb596ceb4b7c3f28786a33840263728217fbcf5

11 May 2026 21:47Current

EPSS0.00036