CVE-2025-68219

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a memory leak in the CIFS implementation, specifically within the smb3 fs context parse param function. The issue arises when processing Opt source mount options, where memory allocated for source strings (ctx->source and fc->source) is not properly freed in error scenarios. This leak was initially detected by syzbot and occurs when an error happens after the source strings are allocated but before the function completes. The error handler previously freed passwords but failed to free the allocated source strings, leading to a memory leak. A prior attempt to address this issue (commit e8c73eb7db0a) only resolved leaks from repeated fsconfig() calls and did not cover this specific error path. The fix involves adding proper cleanup of ctx->source and fc->source to the cifs parse mount err error handler, ensuring memory is freed on all error paths and pointers are set to NULL to prevent double-free issues.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.