github - ghsa-xq93-xr8g-2h7w

ghsa-xq93-xr8g-2h7w

Vulnerability from github

Published

2025-10-04 09:30

Modified

2025-10-04 09:30

Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path

During tests of another unrelated patch I was able to trigger this error: Objects remaining on __kmem_cache_shutdown()

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-39929"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T08:15:44Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path\n\nDuring tests of another unrelated patch I was able to trigger this\nerror: Objects remaining on __kmem_cache_shutdown()",
  "id": "GHSA-xq93-xr8g-2h7w",
  "modified": "2025-10-04T09:30:20Z",
  "published": "2025-10-04T09:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39929"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0991418bf98f191d0c320bd25245fcffa1998c7e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d7c075c878ac844e33c43e506c2fa27ac7e9689"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/922338efaad63cfe30d459dfc59f9d69ff93ded4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/daac51c7032036a0ca5f1aa419ad1b0471d1c6e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7b7a93879558e77d950f1ff9a6f3daa385b33df"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-39929 (GCVE-0-2025-39929)

Vulnerability from cvelistv5

Published

2025-10-04 07:30

Modified

2025-10-04 07:30

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path During tests of another unrelated patch I was able to trigger this error: Objects remaining on __kmem_cache_shutdown()

References

URL

Tags

	https://git.kernel.org/stable/c/3d7c075c878ac844e33c43e506c2fa27ac7e9689
	https://git.kernel.org/stable/c/e7b7a93879558e77d950f1ff9a6f3daa385b33df
	https://git.kernel.org/stable/c/922338efaad63cfe30d459dfc59f9d69ff93ded4
	https://git.kernel.org/stable/c/0991418bf98f191d0c320bd25245fcffa1998c7e
	https://git.kernel.org/stable/c/daac51c7032036a0ca5f1aa419ad1b0471d1c6e0

Impacted products

Vendor

Product

Version

Version: f198186aa9bbd60fae7a2061f4feec614d880299
Version: f198186aa9bbd60fae7a2061f4feec614d880299
Version: f198186aa9bbd60fae7a2061f4feec614d880299
Version: f198186aa9bbd60fae7a2061f4feec614d880299
Version: f198186aa9bbd60fae7a2061f4feec614d880299

Version: 4.16

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smbdirect.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3d7c075c878ac844e33c43e506c2fa27ac7e9689",
              "status": "affected",
              "version": "f198186aa9bbd60fae7a2061f4feec614d880299",
              "versionType": "git"
            },
            {
              "lessThan": "e7b7a93879558e77d950f1ff9a6f3daa385b33df",
              "status": "affected",
              "version": "f198186aa9bbd60fae7a2061f4feec614d880299",
              "versionType": "git"
            },
            {
              "lessThan": "922338efaad63cfe30d459dfc59f9d69ff93ded4",
              "status": "affected",
              "version": "f198186aa9bbd60fae7a2061f4feec614d880299",
              "versionType": "git"
            },
            {
              "lessThan": "0991418bf98f191d0c320bd25245fcffa1998c7e",
              "status": "affected",
              "version": "f198186aa9bbd60fae7a2061f4feec614d880299",
              "versionType": "git"
            },
            {
              "lessThan": "daac51c7032036a0ca5f1aa419ad1b0471d1c6e0",
              "status": "affected",
              "version": "f198186aa9bbd60fae7a2061f4feec614d880299",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smbdirect.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.154",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.108",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.49",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.9",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path\n\nDuring tests of another unrelated patch I was able to trigger this\nerror: Objects remaining on __kmem_cache_shutdown()"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-04T07:30:55.153Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3d7c075c878ac844e33c43e506c2fa27ac7e9689"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7b7a93879558e77d950f1ff9a6f3daa385b33df"
        },
        {
          "url": "https://git.kernel.org/stable/c/922338efaad63cfe30d459dfc59f9d69ff93ded4"
        },
        {
          "url": "https://git.kernel.org/stable/c/0991418bf98f191d0c320bd25245fcffa1998c7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/daac51c7032036a0ca5f1aa419ad1b0471d1c6e0"
        }
      ],
      "title": "smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39929",
    "datePublished": "2025-10-04T07:30:55.153Z",
    "dateReserved": "2025-04-16T07:20:57.147Z",
    "dateUpdated": "2025-10-04T07:30:55.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.