PT-2025-42317 · Samba+6

Published: 2025-10-15 · Updated: 2025-11-26 · CVE-2025-9640

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Samba (affected versions not specified)

Description

An issue exists in Samba’s vfs streams xattr module where uninitialized heap memory can be written into alternate data streams. This can allow an authenticated user to read residual memory content, potentially including sensitive data, leading to information disclosure.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Out-of-bounds Read
Use of Uninitialized Resource

Related Identifiers

ALT-PU-2025-13456
ALT-PU-2025-13458
AZL-68817
AZL-68936
BDU:2025-15225
CVE-2025-9640
DLA-4384-1
ECHO-BC79-1DDE-0065
OESA-2025-2509
OESA-2025-2510
OESA-2025-2511
OESA-2025-2512
OESA-2025-2513
OESA-2025-2539
OPENSUSE-SU-2025:15649-1
OPENSUSE-SU-2025:20048-1
SUSE-SU-2025:03603-1
SUSE-SU-2025:03604-1
SUSE-SU-2025:03612-1
SUSE-SU-2025:03618-1
SUSE-SU-2025:21005-1
SUSE-SU-2025:21026-1
SUSE-SU-2025:3676-1
SUSE-SU-2025:3677-1
USN-7826-1
USN-7826-2

Affected Products

ALT Linux
Debian
Linux Mint
RED OS
Samba
SUSE
Ubuntu