CVE-2025-40268

CVSS v2.0

1.7

Low

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a memory leak in the smb3 fs context parse param function within the CIFS client. The issue occurs when fsconfig is called multiple times, where memory associated with the first call is not properly freed upon program exit. Specifically, the source memory for the initial fsconfig call remains unreferenced, leading to a memory leak. The kstrdup function is involved in the allocation of this memory. The smb3 fs context parse param function is responsible for parsing parameters, and the leak occurs during this process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-459

Related Identifiers

BDU:2026-03068

CVE-2025-40268

ECHO-6CAA-A5F3-DC8A

MGASA-2026-0017

MGASA-2026-0018

OESA-2026-1303

OESA-2026-1304

OESA-2026-1305

OPENSUSE-SU-2026:20145-1

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-40268

Weakness Enumeration

Related Identifiers

Affected Products

References · 3215