{ "threat_severity" : "Low", "public_date" : "2025-09-16T00:00:00Z", "bugzilla" : { "description" : "kernel: Linux kernel: Denial of Service via resource leak in SMB2 compound operations", "id" : "2395806", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2395806" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-772", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nfs/smb: Fix inconsistent refcnt update\nA possible inconsistent update of refcount was identified in `smb2_compound_op`.\nSuch inconsistent update could lead to possible resource leaks.\nWhy it is a possible bug:\n1. In the comment section of the function, it clearly states that the\nreference to `cfile` should be dropped after calling this function.\n2. Every control flow path would check and drop the reference to\n`cfile`, except the patched one.\n3. Existing callers would not handle refcount update of `cfile` if\n-ENOMEM is returned.\nTo fix the bug, an extra goto label \"out\" is added, to make sure that the\ncleanup logic would always be respected. As the problem is caused by the\nallocation failure of `vars`, the cleanup logic between label \"finished\"\nand \"out\" can be safely ignored. According to the definition of function\n`is_replayable_error`, the error code of \"-ENOMEM\" is not recoverable.\nTherefore, the replay logic also gets ignored.", "A flaw was found in the Linux kernel. An inconsistent update of the reference count in the `smb2_compound_op` function, particularly during memory allocation failures, could lead to resource leaks. A local attacker could exploit this to cause a Denial of Service (DoS) by exhausting system resources." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-10-27T00:00:00Z", "advisory" : "RHSA-2025:19105", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.58.1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-10-27T00:00:00Z", "advisory" : "RHSA-2025:19105", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.58.1.el9_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-39819\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-39819\nhttps://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39819-d3c9@gregkh/T" ], "name" : "CVE-2025-39819", "csaw" : false }