CVE-2025-71151

Published: Jan 23, 2026

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak. Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.

Vendor	Product	Versions
Linux	Linux	affected `880a661e67648a3ffe85405e8de5f50650a3c0b2 - < bc390b2737205163e48cc1655f6a0c8cd55b02fc` affected `0e4145774c016530bf99afb3675a1a0593c35642 - < 5679cc90bb5415801fa29041da0319d9e15d295d` affected `0f0e357902957fba28ed31bde0d6921c6bd1485d - < bb82aaee16907dc4d0b9b0ca7953ceb3edc328c6` affected `0f0e357902957fba28ed31bde0d6921c6bd1485d - < cb6d5aa9c0f10074f1ad056c3e2278ad2cc7ec8d` affected `674ba43944dab8e8f87434e25d9d10c5152584bc` +3 more versions
Linux	Linux	affected `6.13` unaffected `0 - < 6.13` unaffected `6.6.120 - <= 6.6.` unaffected `6.12.64 - <= 6.12.` unaffected `6.18.3 - <= 6.18.*` +1 more versions

References

https://git.kernel.org/stable/c/bc390b2737205163e48cc1655f6a0c8cd55b02fc

https://git.kernel.org/stable/c/5679cc90bb5415801fa29041da0319d9e15d295d

https://git.kernel.org/stable/c/bb82aaee16907dc4d0b9b0ca7953ceb3edc328c6

https://git.kernel.org/stable/c/cb6d5aa9c0f10074f1ad056c3e2278ad2cc7ec8d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-71151

Description

Affected Products

References