PT-2025-54089 · Linux · Linux Kernel

Published

2025-12-30

Updated

2026-02-24

CVE-2023-54260

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's CIFS implementation where a Server Message Block (SMB) direct connection's information could be leaked if memory allocation (MR allocate) failed. Specifically, if the MR allocate operation fails, the SMB direct connection information becomes NULL, and the smbd destroy() function returns prematurely, resulting in a memory leak of the connection information. The issue is addressed by setting the SMB direct connection information to the server before calling smbd destroy().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-54260

RHSA-2024:2394

SUSE-SU-2026:0263-1

SUSE-SU-2026:0316-1

SUSE-SU-2026:0317-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0617-1

Affected Products

Linux Kernel

PT-2025-54089 · Linux · Linux Kernel

CVE-2023-54260

Related Identifiers

Affected Products

References · 1110