Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix memory leak in parse_lease_state()

The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocated lease_ctx_info structure. This patch fixes the issue by adding kfree(lreq) before returning NULL in both boundary check cases.
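The leak pattern described above, as an added user-space example (not the ksmbd source): an allocation followed by two bounds checks that return NULL, with and without the free. The struct layout, function names, the `fixed` switch and the allocation counter are hypothetical stand-ins, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the lease request; not the kernel's layout. */
struct lease_req { uint8_t key[16]; uint32_t state; };

static int live_allocs; /* outstanding allocations, so a leak is measurable */
static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }

/* off/len are sender-controlled fields locating lease data inside ctx.
 * fixed=0 models the leaking early returns, fixed=1 the corrected ones. */
static struct lease_req *parse_lease(const uint8_t *ctx, size_t ctx_len, size_t off,
                                     size_t len, int fixed)
{
    struct lease_req *lreq = track_alloc(sizeof(*lreq));
    if (!lreq)
        return NULL;
    /* Check 1: the data region must lie inside the context buffer. */
    if (off > ctx_len || len > ctx_len - off) {
        if (fixed) track_free(lreq);  /* the fix: free before returning NULL */
        return NULL;                  /* without it, lreq is unreachable here */
    }
    /* Check 2: the data region must hold a complete lease body. */
    if (len < sizeof(lreq->key) + sizeof(lreq->state)) {
        if (fixed) track_free(lreq);
        return NULL;
    }
    memcpy(lreq->key, ctx + off, sizeof(lreq->key));
    memcpy(&lreq->state, ctx + off + sizeof(lreq->key), sizeof(lreq->state));
    return lreq;
}

/* Feed n malformed contexts and return how many allocations were never freed. */
static int leaked_after(int n, int fixed)
{
    uint8_t ctx[32] = {0};  /* constructed sample: claims 20 bytes at offset 24 */
    int before = live_allocs;
    for (int i = 0; i < n; i++)
        track_free(parse_lease(ctx, sizeof(ctx), 24, 20, fixed));
    return live_allocs - before;
}

int main(void)
{
    printf("leaked without fix: %d, with fix: %d\n", leaked_after(1000, 0), leaked_after(1000, 1));
    return 0;
}
```

Each rejected request costs one allocation in the unfixed path, so the leak grows linearly with the number of malformed requests received.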
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.1.134, < 6.1.139 |
| Debian | Debian Linux | 11.0 |
References
- https://git.kernel.org/stable/c/2148d34371b06dac696c0497a98a6bf905a51650 (Patch)
- https://git.kernel.org/stable/c/829e19ef741d9e9932abdc3bee5466195e0852cf (Patch)
- https://git.kernel.org/stable/c/af9e2d4732a548db8f6f5a90c2c20a789a3d7240 (Patch)
- https://git.kernel.org/stable/c/eb4447bcce915b43b691123118893fca4f372a8f (Patch)
- https://git.kernel.org/stable/c/facf22c1a394c1e023dab5daf9a494f722771e1c (Patch)
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html (Third Party Advisory)
FAQ
What is CVE-2025-37962?
CVE-2025-37962 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state() The previous patch that added bounds check for create lease context introduced a mem...
How severe is CVE-2025-37962?
CVE-2025-37962 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-37962?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.