Security Advisory

CVE-2025-71151

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-23 14:15:17
Last updated 2026-05-23 16:03:26
Assigner Linux
State PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak. Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.