VYPR
Unrated severityNVD Advisory· Published Jan 23, 2026· Updated Feb 9, 2026

cifs: Fix memory and information leak in smb3_reconfigure()

CVE-2025-71151

Description

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix memory and information leak in smb3_reconfigure()

In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak.

Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.

Affected products

2
  • Linux/Kernelllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 6.13

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.