PT-2025-49449
Published: 2025-10-27 · Updated: 2026-05-07
CVE-2025-40320
CVSS v2.0: 5.7 (Medium)
Vector: AV:L/AC:H/Au:S/C:P/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a flaw within the Server Message Block (SMB) client implementation, specifically in the smb2_query_info_compound function. A use-after-free condition can occur when the function retries an operation, potentially acting on a stale pointer if a previously allocated context ID (cfid) has been freed during the first attempt. This can lead to system instability. The issue is triggered when cfid is not reset to NULL upon replay. A trace indicates a refcount underflow and use-after-free occurring at refcount_warn_saturate.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
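The replay pattern from the description, as an added example that is not code from the kernel or from this advisory: a simplified user-space model in which the first attempt releases its reference and the retry fails to obtain a new one, so cleanup acts on the stale cfid unless it is reset to NULL at the replay label. Every name other than cfid is hypothetical, and the assumption that the second attempt fails to re-acquire the handle is chosen to make the double release visible.

```c
#include <stdio.h>
/* Simplified user-space model, not kernel code. The object lives on the
 * caller's stack so the extra put is counted instead of touching freed memory. */
struct handle { int refs; int underflows; };
enum { H_OK = 0, H_RETRY = 1, H_FAIL = -1 };

static void handle_put(struct handle *h)
{
    if (h->refs == 0)
        h->underflows++;   /* real refcounting would warn: underflow, use-after-free */
    else
        h->refs--;         /* reaching 0 is where the real object would be freed */
}

/* Succeeds only on the first attempt; on failure *out is left untouched. */
static int handle_get(struct handle *obj, int attempt, struct handle **out)
{
    if (attempt > 1)
        return H_FAIL;
    obj->refs++;
    *out = obj;
    return H_OK;
}

/* Returns the number of refcount underflows seen on obj. */
static int query_with_replay(struct handle *obj, int reset_on_replay)
{
    struct handle *cfid = NULL;
    int attempt = 0, rc;
replay:
    if (reset_on_replay)
        cfid = NULL;                          /* drop the pointer from the last attempt */
    attempt++;
    handle_get(obj, attempt, &cfid);
    rc = (attempt == 1) ? H_RETRY : H_OK;     /* first attempt hits a retryable error */
    if (cfid)
        handle_put(cfid);                     /* per-attempt cleanup */
    if (rc == H_RETRY)
        goto replay;
    return obj->underflows;
}

int main(void)
{
    struct handle a = {0, 0}, b = {0, 0};
    printf("without reset: %d underflow(s)\n", query_with_replay(&a, 0));
    printf("with reset:    %d underflow(s)\n", query_with_replay(&b, 1));
}
```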
Affected Products
Debian
Linuxmint
Linux Kernel
Ubuntu