Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-71151

Опубликовано: 23 янв. 2026
Источник: nvd
CVSS3: 5.5
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix memory and information leak in smb3_reconfigure()

In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak.

Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.6.64 (включая) до 6.6.120 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.11.11 (включая) до 6.12 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.12.2 (включая) до 6.12.64 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.13 (включая) до 6.18.3 (исключая)
cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*

EPSS

Процентиль: 3%
0.00016
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-401

Связанные уязвимости

ubuntu логотип

CVE-2025-71151

CVSS3: 5.5
ubuntu
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak. Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.

redhat логотип

CVE-2025-71151

CVSS3: 5.5
redhat
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak. Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.

debian логотип

CVE-2025-71151

CVSS3: 5.5
debian
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: c ...

github логотип

GHSA-mp8m-m46q-cqx4

CVSS3: 5.5
github
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak. Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.

oracle-oval логотип

ELSA-2026-50112

oracle-oval
около 1 месяца назад

ELSA-2026-50112: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 3%
0.00016
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-401