CVE-2025-39819

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential inconsistent update of the reference count was identified in the smb2 compound op function. This inconsistency could lead to resource leaks. The issue arises because the reference to cfile is not always dropped after calling the function, specifically when an error occurs during memory allocation for vars. The fix introduces an additional goto label ("out") to ensure cleanup logic is always executed, even in cases of memory allocation failure. The error code "-ENOMEM" is considered non-recoverable, and replay logic is ignored.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-670

Related Identifiers

AZL-67377

BDU:2025-15680

CVE-2025-39819

DLA-4328-1

DSA-6008-1

DSA-6009-1

ECHO-6B82-4420-3384

INFSA-2025_19105

OESA-2025-2465

OESA-2025-2466

OESA-2025-2467

OPENSUSE-SU-2025:20172-1

RHSA-2025:19105

RHSA-2025_19105

SUSE-SU-2025:4393-1

SUSE-SU-2025:4422-1

SUSE-SU-2025:4505-1

SUSE-SU-2025:4515-1

SUSE-SU-2025:4516-1

SUSE-SU-2025:4517-1

SUSE-SU-2025:4521-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

SUSE-SU-2026:20039-1

SUSE-SU-2026:20059-1

SUSE-SU-2026:20473-1

SUSE-SU-2026:20496-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Red Hat

Rocky Linux

Ubuntu

CVE-2025-39819

Weakness Enumeration

Related Identifiers

Affected Products

References · 1772