{"id":"CVE-2025-40328","summary":"smb: client: fix potential UAF in smb2_close_cached_fid()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_close_cached_fid()\n\nfind_or_create_cached_dir() could grab a new reference after kref_put()\nhad seen the refcount drop to zero but before cfid_list_lock is acquired\nin smb2_close_cached_fid(), leading to use-after-free.\n\nSwitch to kref_put_lock() so cfid_release() is called with\ncfid_list_lock held, closing that gap.","modified":"2026-04-16T00:05:46.741207411Z","published":"2025-12-09T04:09:44.876Z","related":["SUSE-SU-2026:0293-1","SUSE-SU-2026:0447-1","SUSE-SU-2026:0472-1","SUSE-SU-2026:0587-1","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:20145-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40328.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/065bd62412271a2d734810dd50336cae88c54427"},{"type":"WEB","url":"https://git.kernel.org/stable/c/734e99623c5b65bf2c03e35978a0b980ebc3c2f8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bdb596ceb4b7c3f28786a33840263728217fbcf5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cb52d9c86d70298de0ab7c7953653898cbc0efd6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40328.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40328"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ebe98f1447bbccf8228335c62d86af02a0ed23f7"},{"fixed":"cb52d9c86d70298de0ab7c7953653898cbc0efd6"},{"fixed":"065bd62412271a2d734810dd50336cae88c54427"},{"fixed":"bdb596ceb4b7c3f28786a33840263728217fbcf5"},{"fixed":"734e99623c5b65bf2c03e35978a0b980ebc3c2f8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40328.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.6.117"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.58"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40328.json"}}],"schema_version":"1.7.5"}