CVE-2025-68295
Description
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix memory leak in cifs_construct_tcon()
When having a multiuser mount with domain= specified and using cifscreds, cifs_set_cifscreds() will end up setting @ctx->domainname, so it needs to be freed before leaving cifs_construct_tcon().
This fixes the following memory leak reported by kmemleak:
  mount.cifs //srv/share /mnt -o domain=ZELDA,multiuser,...
  su - testuser
  cifscreds add -d ZELDA -u testuser
  ...
  ls /mnt/1
  ...
  umount /mnt
  echo scan > /sys/kernel/debug/kmemleak
  cat /sys/kernel/debug/kmemleak
  unreferenced object 0xffff8881203c3f08 (size 8):
    comm "ls", pid 5060, jiffies 4307222943
    hex dump (first 8 bytes):
      5a 45 4c 44 41 00 cc cc                          ZELDA...
    backtrace (crc d109a8cf):
      __kmalloc_node_track_caller_noprof+0x572/0x710
      kstrdup+0x3a/0x70
      cifs_sb_tlink+0x1209/0x1770 [cifs]
      cifs_get_fattr+0xe1/0xf50 [cifs]
      cifs_get_inode_info+0xb5/0x240 [cifs]
      cifs_revalidate_dentry_attr+0x2d1/0x470 [cifs]
      cifs_getattr+0x28e/0x450 [cifs]
      vfs_getattr_nosec+0x126/0x180
      vfs_statx+0xf6/0x220
      do_statx+0xab/0x110
      __x64_sys_statx+0xd5/0x130
      do_syscall_64+0xbb/0x380
      entry_SYSCALL_64_after_hwframe+0x77/0x7f
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the Linux kernel's CIFS client, triggered by multiuser mounts with a domain= option and cifscreds, can lead to resource exhaustion and is patched.
Vulnerability
CVE-2025-68295 is a memory leak in the Linux kernel's CIFS (Common Internet File System) client, specifically in the cifs_construct_tcon() function. The CIFS client is used to mount SMB shares. The vulnerability occurs when a mount is configured with the domain= option (e.g., domain=ZELDA) and multiuser, and when the cifscreds utility is used to add credentials. In this scenario, cifs_set_cifscreds() sets the @ctx->domainname field, which is allocated via kstrdup(). However, this allocated memory is not freed before cifs_construct_tcon() returns, causing a memory leak [1][2][3].
Exploitation
The leak is triggered by normal CIFS operations in a multiuser environment. An attacker who can induce an unprivileged user (on a system with such a mount) to perform file operations (e.g., ls) on the mount point will cause the leak to occur. The kernel memory leak is reproducible by scanning with kmemleak, as shown in the kernel changelog. The attack surface is limited to systems that use the specific CIFS configuration (multiuser mount with a domain= option) and where a user adds CIFS credentials via cifscreds. No special privileges beyond having access to the mount are required to trigger the leak.
Impact
Over time, repeated triggering of this memory leak can exhaust system memory, potentially leading to denial of service (resource exhaustion) for the affected system. The leak is small (8 bytes per occurrence in the reported test) but can accumulate. There is no indication of privilege escalation or data corruption; the impact is limited to availability.
Mitigation
The fix
Patches have been provided in the Linux kernel stable series [1][2][3]. The fix adds a kfree() for the ctx->domainname before cifs_construct_tcon() returns, ensuring the allocated memory is properly released. Users and administrators should apply the latest kernel updates from their distribution. A workaround is to avoid using the domain= option in conjunction with multiuser and cifscreds, or to avoid using multiuser CIFS mounts altogether until patched.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
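An added example, not part of the advisory or of the kernel project's code: a Python sketch that checks a host for the configuration described above (CIFS mounts combining multiuser with domain=) and counts kmemleak records that match the backtrace in the report. It assumes these options appear in /proc/mounts under the same names and that the leak shows kstrdup and cifs_sb_tlink frames as on this page (other kernel builds may inline differently); the function names and sample data are constructed for illustration.

```python
import re

# Constructed /proc/mounts sample; \040 is the kernel's octal escape for a space.
SAMPLE_MOUNTS = r"""//srv/share /mnt cifs rw,vers=3.1.1,username=admin,domain=ZELDA,multiuser 0 0
//srv/team /mnt/team\040docs smb3 rw,domain=ZELDA,multiuser 0 0
//srv/pub /srv/pub cifs rw,vers=3.0,username=guest,domain=ZELDA 0 0
//nas/home /home/shared cifs rw,multiuser,username=svc 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""
# First record abridged from the report on this page; the second is constructed.
SAMPLE_KMEMLEAK = """unreferenced object 0xffff8881203c3f08 (size 8):
  comm "ls", pid 5060, jiffies 4307222943
  backtrace (crc d109a8cf):
    kstrdup+0x3a/0x70
    cifs_sb_tlink+0x1209/0x1770 [cifs]
unreferenced object 0xffff888100000000 (size 64):
  comm "demo", pid 1, jiffies 4294900000
  backtrace (crc 0):
    kstrdup+0x3a/0x70
    demo_init+0x10/0x20 [demo]
"""

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def exposed_mounts(mounts_text):
    """(mountpoint, domain) for CIFS mounts that combine multiuser with domain=."""
    hits = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("cifs", "smb3"):
            continue
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        if "multiuser" in opts and opts.get("domain"):
            hits.append((_unescape(fields[1]), _unescape(opts["domain"])))
    return hits

def cifs_domain_leaks(kmemleak_text):
    """(records, bytes) for kmemleak objects from kstrdup() under cifs_sb_tlink()."""
    count = total = 0
    for rec in re.split(r"(?m)^(?=unreferenced object )", kmemleak_text):
        m = re.match(r"unreferenced object 0x[0-9a-f]+ \(size (\d+)\):", rec)
        if m and "kstrdup+" in rec and "cifs_sb_tlink+" in rec:
            count, total = count + 1, total + int(m.group(1))
    return count, total

if __name__ == "__main__":
    print(exposed_mounts(SAMPLE_MOUNTS), cifs_domain_leaks(SAMPLE_KMEMLEAK))
```

On a live host, pass the contents of /proc/mounts and /sys/kernel/debug/kmemleak instead of the samples; the latter needs root and a kernel built with kmemleak support.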
References
- git.kernel.org/stable/c/3184b6a5a24ec9ee74087b2a550476f386df7dc2 (nvd)
- git.kernel.org/stable/c/3dd546e867e94c2f954bca45a961b6104ba708b6 (nvd)
- git.kernel.org/stable/c/a67e91d5f446e455dd9201cdd6e865f7078d251d (nvd)
- git.kernel.org/stable/c/d146e96fef876492979658dce644305de35878d4 (nvd)
- git.kernel.org/stable/c/f15288c137d960836277d0e3ecc62de68e52f00f (nvd)
- git.kernel.org/stable/c/f62ffdfb431bdfa4b6d24233b7fd830eca0b801e (nvd)
- git.kernel.org/stable/c/ff8f9bd1c46ee02d5558293915d42e82646d5ee9 (nvd)