Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak. Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.

INFO

Published Date :

2026-01-23T14:15:17.916Z

Last Modified :

2026-02-09T08:35:48.376Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-71151 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-71151.

URL Resource
https://git.kernel.org/stable/c/5679cc90bb5415801fa29041da0319d9e15d295d cve-icon cve-icon
https://git.kernel.org/stable/c/bb82aaee16907dc4d0b9b0ca7953ceb3edc328c6 cve-icon cve-icon
https://git.kernel.org/stable/c/bc390b2737205163e48cc1655f6a0c8cd55b02fc cve-icon cve-icon
https://git.kernel.org/stable/c/cb6d5aa9c0f10074f1ad056c3e2278ad2cc7ec8d cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026012328-CVE-2025-71151-1a45@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-71151 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-71151 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact