CVE-2025-37962

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix memory leak in parse_lease_state()

The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocated lease_ctx_info structure.

This patch fixes the issue by adding kfree(lreq) before returning NULL in both boundary check cases.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux629dd37acc336ad778979361c351e782053ea284 < facf22c1a394c1e023dab5daf9a494f722771e1caffected
LinuxLinux60b7207893a8a06c78441934931a08fdad63f18e < af9e2d4732a548db8f6f5a90c2c20a789a3d7240affected
LinuxLinux800c482c9ef5910f05e3a713943c67cc6c1d4939 < 2148d34371b06dac696c0497a98a6bf905a51650affected
LinuxLinux9a1b6ea955e6c7b29939a6d98701202f9d9644ec < 829e19ef741d9e9932abdc3bee5466195e0852cfaffected
LinuxLinuxbab703ed8472aa9d109c5f8c1863921533363dae < eb4447bcce915b43b691123118893fca4f372a8faffected
LinuxLinuxa41cd52f00907a040ca22c73d4805bb79b0d0972affected
LinuxLinux6.13.11 < 6.14affected
LinuxLinux6.1.134 < 6.1.139affected
LinuxLinux6.6.87 < 6.6.91affected
LinuxLinux6.12.23 < 6.12.29affected
LinuxLinux6.14.2 < 6.14.7affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References