{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40103", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.164Z", "datePublished": "2025-10-30T09:48:08.421Z", "dateUpdated": "2026-05-11T21:42:34.498Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:42:34.498Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix refcount leak for cifs_sb_tlink\n\nFix three refcount inconsistency issues related to `cifs_sb_tlink`.\n\nComments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be\ncalled after successful calls to `cifs_sb_tlink()`. Three calls fail to\nupdate refcount accordingly, leading to possible resource leaks."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/inode.c", "fs/smb/client/smb2ops.c"], "versions": [{"version": "8ceb984379462f94bdebef3288d569c6e1f912ea", "lessThan": "d3c8ea197055c260119a13360e8202a27e53e1e4", "status": "affected", "versionType": "git"}, {"version": "8ceb984379462f94bdebef3288d569c6e1f912ea", "lessThan": "790282abe9d805f08618c1c24ea2529e7259b692", "status": "affected", "versionType": "git"}, {"version": "8ceb984379462f94bdebef3288d569c6e1f912ea", "lessThan": "d7dd034c14928306db1b46be277ae439b84dacf9", "status": "affected", "versionType": "git"}, {"version": "8ceb984379462f94bdebef3288d569c6e1f912ea", "lessThan": "e15605b68b490186da2ad8029c0351a9cfb0b9af", "status": "affected", "versionType": "git"}, {"version": "8ceb984379462f94bdebef3288d569c6e1f912ea", "lessThan": "896bb31e1416f582503db1350cf1bd10dc64e5a6", "status": "affected", "versionType": "git"}, {"version": "8ceb984379462f94bdebef3288d569c6e1f912ea", "lessThan": "c2b77f42205ef485a647f62082c442c1cd69d3fc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/inode.c", "fs/smb/client/smb2ops.c"], "versions": [{"version": "3.7", "status": "affected"}, {"version": "0", "lessThan": "3.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.158", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.114", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.55", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.5", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "6.1.158"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "6.6.114"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "6.12.55"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "6.17.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d3c8ea197055c260119a13360e8202a27e53e1e4"}, {"url": "https://git.kernel.org/stable/c/790282abe9d805f08618c1c24ea2529e7259b692"}, {"url": "https://git.kernel.org/stable/c/d7dd034c14928306db1b46be277ae439b84dacf9"}, {"url": "https://git.kernel.org/stable/c/e15605b68b490186da2ad8029c0351a9cfb0b9af"}, {"url": "https://git.kernel.org/stable/c/896bb31e1416f582503db1350cf1bd10dc64e5a6"}, {"url": "https://git.kernel.org/stable/c/c2b77f42205ef485a647f62082c442c1cd69d3fc"}], "title": "smb: client: Fix refcount leak for cifs_sb_tlink", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix refcount leak for cifs_sb_tlink\n\nFix three refcount inconsistency issues related to `cifs_sb_tlink`.\n\nComments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be\ncalled after successful calls to `cifs_sb_tlink()`. Three calls fail to\nupdate refcount accordingly, leading to possible resource leaks."}], "id": "CVE-2025-40103", "lastModified": "2026-04-18T09:16:12.240", "metrics": {}, "published": "2025-10-30T10:15:34.693", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/790282abe9d805f08618c1c24ea2529e7259b692"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/896bb31e1416f582503db1350cf1bd10dc64e5a6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c2b77f42205ef485a647f62082c442c1cd69d3fc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d3c8ea197055c260119a13360e8202a27e53e1e4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d7dd034c14928306db1b46be277ae439b84dacf9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e15605b68b490186da2ad8029c0351a9cfb0b9af"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: smb: client: Fix refcount leak for cifs_sb_tlink", "id": "2407350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407350"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-40103", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40103\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40103\nhttps://lore.kernel.org/linux-cve-announce/2025103018-CVE-2025-40103-e5ae@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-04-20T15:28:47.577807+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a release that contains the cifs reference count fix introduced by commit 790282abe9d80", "If a kernel upgrade cannot be performed immediately, manually apply the upstream patch that corrects the reference count handling for cifs_sb_tlink to your current kernel source", "Suspend or limit CIFS (SMB) mounts on affected systems until the patch is applied to prevent potential resource exhaustion"], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw resides in the Linux kernel that powers all Linux distributions. No specific vendor version is listed, but any instance of the kernel that includes the CIFS client module before the patch is potentially affected. This includes production servers and desktop systems that mount SMB shares via CIFS. The commit references point to upstream kernel revisions, so all kernel releases after the fix, but before it, are at risk.", "description_and_impact": "An internal reference count leak exists in the CIFS SMB client code of the Linux kernel. The bug causes three separate call paths to cifs_sb_tlink to fail to decrement the reference counter for cifs_sb_tlink objects, allowing the counter to grow unbounded. As the kernel exhausts available kernel memory or other resources associated with these objects, it can lead to a denial of service.", "risk_and_exploitability": "The CVSS base score is 5.5, which places it in the medium severity band, and the EPSS score is below 1%, indicating a low likelihood of public exploitation at this time. The vulnerability is not listed in CISA\u2019s KEV catalog. An attacker would need to invoke SMB mount operations that trigger cifs_sb_tlink paths; therefore the attack vector is most likely local or requires elevated privileges to mount large numbers of SMB shares. Although publicly disclosed exploits are unavailable, the potential for resource exhaustion makes the risk significant enough to warrant timely remediation."}}}}, "created": "2025-10-30T14:37:17.237145+00:00", "updated": "2026-04-20T15:30:06.174647+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-772"]}