CVE-2025-40328

Published: Dec 9, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_close_cached_fid() find_or_create_cached_dir() could grab a new reference after kref_put() had seen the refcount drop to zero but before cfid_list_lock is acquired in smb2_close_cached_fid(), leading to use-after-free. Switch to kref_put_lock() so cfid_release() is called with cfid_list_lock held, closing that gap.

Vendor	Product	Versions
Linux	Linux	affected `ebe98f1447bbccf8228335c62d86af02a0ed23f7 - < cb52d9c86d70298de0ab7c7953653898cbc0efd6` affected `ebe98f1447bbccf8228335c62d86af02a0ed23f7 - < 065bd62412271a2d734810dd50336cae88c54427` affected `ebe98f1447bbccf8228335c62d86af02a0ed23f7 - < bdb596ceb4b7c3f28786a33840263728217fbcf5` affected `ebe98f1447bbccf8228335c62d86af02a0ed23f7 - < 734e99623c5b65bf2c03e35978a0b980ebc3c2f8`
Linux	Linux	affected `6.1` unaffected `0 - < 6.1` unaffected `6.6.117 - <= 6.6.` unaffected `6.12.58 - <= 6.12.` unaffected `6.17.8 - <= 6.17.*` +1 more versions

References

https://git.kernel.org/stable/c/cb52d9c86d70298de0ab7c7953653898cbc0efd6

https://git.kernel.org/stable/c/065bd62412271a2d734810dd50336cae88c54427

https://git.kernel.org/stable/c/bdb596ceb4b7c3f28786a33840263728217fbcf5

https://git.kernel.org/stable/c/734e99623c5b65bf2c03e35978a0b980ebc3c2f8

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-40328

Description

Affected Products

References