CVE-2025-40285

In the Linux kernel, the following vulnerability has been resolved:

smb/server: fix possible refcount leak in smb2_sess_setup()

Reference count of ksmbd_session will leak when session need reconnect.
Fix this by adding the missing ksmbd_user_session_put().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
forky
6.17.9-1
fixed
sid
6.17.10-1
fixed
References
https://git.kernel.org/stable/c/379510a815cb2e64eb0a379cb62295d6ade65df0
https://git.kernel.org/stable/c/6fc935f798d44a8eb8a5e6659198399fbf57b981
https://git.kernel.org/stable/c/d37b2c81c83d6c0d5ca582f4fe73c672983f9e0d
https://git.kernel.org/stable/c/dcc51dfe6ff26b52cac106865a172ac982d78401
https://git.kernel.org/stable/c/e671f9bb97805771380c98de944e2ceab6949188