CVE-2025-71151— cifs: Fix memory and information leak in smb3_reconfigure()
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageAffected Version Matrix 14
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 880a661e67648a3ffe85405e8de5f50650a3c0b2< bc390b2737205163e48cc1655f6a0c8cd55b02fc | affected |
0e4145774c016530bf99afb3675a1a0593c35642< 5679cc90bb5415801fa29041da0319d9e15d295d | affected | ||
0f0e357902957fba28ed31bde0d6921c6bd1485d< bb82aaee16907dc4d0b9b0ca7953ceb3edc328c6 | affected | ||
0f0e357902957fba28ed31bde0d6921c6bd1485d< cb6d5aa9c0f10074f1ad056c3e2278ad2cc7ec8d | affected | ||
674ba43944dab8e8f87434e25d9d10c5152584bc | affected | ||
6.6.64< 6.6.120 | affected | ||
6.12.2< 6.12.64 | affected | ||
6.11.11< 6.12 | affected | ||
| … +6 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-71151
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
cifs: Fix memory and information leak in smb3_reconfigure()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak. Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于smb3_reconfigure函数在失败时未释放密码缓冲区,可能导致内存和信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-71151
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-71151
请登录查看更多情报信息。
Same Patch Batch · Linux · 2026-01-23 · 34 CVEs total
| CVE-2026-22984 | 9.8 CRITICAL | libceph: prevent potential out-of-bounds reads in handle_auth_done() |
| CVE-2026-22988 | 7.8 HIGH | arp: do not assume dev_hard_header() does not change skb->head |
| CVE-2026-22980 | 7.8 HIGH | nfsd: provide locking for v4_end_grace |
| CVE-2026-22992 | 7.5 HIGH | libceph: return the handler error from mon_handle_auth_done() |
| CVE-2026-22991 | 7.5 HIGH | libceph: make free_choose_arg_map() resilient to partial allocation |
| CVE-2026-22990 | 7.5 HIGH | libceph: replace overzealous BUG_ON in osdmap_apply_incremental() |
| CVE-2026-22993 | idpf: Fix RSS LUT NULL ptr issue after soft reset | |
| CVE-2026-22989 | nfsd: check that server is running in unlock_filesystem | |
| CVE-2026-22979 | net: fix memory leak in skb_segment_list for GRO packets | |
| CVE-2026-22987 | net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy | |
| CVE-2026-22986 | gpiolib: fix race condition for gdev->srcu | |
| CVE-2026-22985 | idpf: Fix RSS LUT NULL pointer crash on early ethtool operations | |
| CVE-2026-22994 | bpf: Fix reference count leak in bpf_prog_test_run_xdp() | |
| CVE-2026-22983 | net: do not write to msg_get_inq in callee | |
| CVE-2026-22982 | net: mscc: ocelot: Fix crash when adding interface under a lag | |
| CVE-2026-22981 | idpf: detach and close netdevs while handling a reset | |
| CVE-2026-22995 | ublk: fix use-after-free in ublk_partition_scan_work | |
| CVE-2025-71145 | usb: phy: isp1301: fix non-OF device reference imbalance | |
| CVE-2026-22978 | wifi: avoid kernel-infoleak from struct iw_point | |
| CVE-2025-71161 | dm-verity: disable recursive forward error correction |
Showing top 20 of 34 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-53277
KVM: arm64: Take the SRCU lock for page table walks in fault - CVE-2026-53276
Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer - CVE-2026-53275
ipv6: mcast: Fix use-after-free when processing MLD queries - CVE-2026-53274
net/smc: fix sleep-inside-lock in __smc_setsockopt() causing - CVE-2026-53273
tee: optee: prevent use-after-free when the client exits bef
Same vendor: Linux
- CVE-2026-53277
KVM: arm64: Take the SRCU lock for page table walks in fault - CVE-2026-53276
Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer - CVE-2026-53275
ipv6: mcast: Fix use-after-free when processing MLD queries - CVE-2026-53274
net/smc: fix sleep-inside-lock in __smc_setsockopt() causing - CVE-2026-53273
tee: optee: prevent use-after-free when the client exits bef
V. Comments for CVE-2025-71151
No comments yet