CVE-2025-37962
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix memory leak in parse_lease_state()
The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocated lease_ctx_info structure.
This patch fixes the issue by adding kfree(lreq) before returning NULL in both boundary check cases.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 629dd37acc336ad778979361c351e782053ea284 < facf22c1a394c1e023dab5daf9a494f722771e1c | affected |
| Linux | Linux | 60b7207893a8a06c78441934931a08fdad63f18e < af9e2d4732a548db8f6f5a90c2c20a789a3d7240 | affected |
| Linux | Linux | 800c482c9ef5910f05e3a713943c67cc6c1d4939 < 2148d34371b06dac696c0497a98a6bf905a51650 | affected |
| Linux | Linux | 9a1b6ea955e6c7b29939a6d98701202f9d9644ec < 829e19ef741d9e9932abdc3bee5466195e0852cf | affected |
| Linux | Linux | bab703ed8472aa9d109c5f8c1863921533363dae < eb4447bcce915b43b691123118893fca4f372a8f | affected |
| Linux | Linux | a41cd52f00907a040ca22c73d4805bb79b0d0972 | affected |
| Linux | Linux | 6.13.11 < 6.14 | affected |
| Linux | Linux | 6.1.134 < 6.1.139 | affected |
| Linux | Linux | 6.6.87 < 6.6.91 | affected |
| Linux | Linux | 6.12.23 < 6.12.29 | affected |
| Linux | Linux | 6.14.2 < 6.14.7 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/facf22c1a394c1e023dab5daf9a494f722771e1c
- https://git.kernel.org/stable/c/af9e2d4732a548db8f6f5a90c2c20a789a3d7240
- https://git.kernel.org/stable/c/2148d34371b06dac696c0497a98a6bf905a51650
- https://git.kernel.org/stable/c/829e19ef741d9e9932abdc3bee5466195e0852cf
- https://git.kernel.org/stable/c/eb4447bcce915b43b691123118893fca4f372a8f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.