{
  "threat_severity" : "Low",
  "public_date" : "2026-01-23T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: cifs: Fix memory and information leak in smb3_reconfigure()",
    "id" : "2432362",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2432362"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncifs: Fix memory and information leak in smb3_reconfigure()\nIn smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the\nfunction returns immediately without freeing and erasing the newly\nallocated new_password and new_password2. This causes both a memory leak\nand a potential information leak.\nFix this by calling kfree_sensitive() on both password buffers before\nreturning in this error case.", "A memory and information leak vulnerability was found in the Linux kernel's CIFS/SMB3 filesystem driver. When smb3_reconfigure() fails during smb3_sync_session_ctx_passwords(), the newly allocated password buffers (new_password and new_password2) are not freed or securely erased. This causes a memory leak and leaves sensitive password data in kernel memory that could potentially be exposed." ],
  "statement" : "This vulnerability affects systems using CIFS/SMB3 filesystem mounts with password-based authentication. The password buffers remain in kernel memory after the error, creating an information disclosure risk if kernel memory can be read through other means. The memory leak accumulates with each failed reconfigure operation.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHBA-2025:6279",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "kernel-0:6.12.0-55.9.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-71151\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71151\nhttps://lore.kernel.org/linux-cve-announce/2026012328-CVE-2025-71151-1a45@gregkh/T" ],
  "name" : "CVE-2025-71151",
  "csaw" : false
}