| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121632-CVE-2025-68219-f9c4@gregkh>
Date: Tue, 16 Dec 2025 14:57:38 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-68219: cifs: fix memory leak in smb3_fs_context_parse_param error path
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix memory leak in smb3_fs_context_parse_param error path
Add proper cleanup of ctx->source and fc->source to the
cifs_parse_mount_err error handler. This ensures that memory allocated
for the source strings is correctly freed on all error paths, matching
the cleanup already performed in the success path by
smb3_cleanup_fs_context_contents().
Pointers are also set to NULL after freeing to prevent potential
double-free issues.
This change fixes a memory leak originally detected by syzbot. The
leak occurred when processing Opt_source mount options if an error
happened after ctx->source and fc->source were successfully
allocated but before the function completed.
The specific leak sequence was:
1. ctx->source = smb3_fs_context_fullpath(ctx, '/') allocates memory
2. fc->source = kstrdup(ctx->source, GFP_KERNEL) allocates more memory
3. A subsequent error jumps to cifs_parse_mount_err
4. The old error handler freed passwords but not the source strings,
causing the memory to leak.
This issue was not addressed by commit e8c73eb7db0a ("cifs: client:
fix memory leak in smb3_fs_context_parse_param"), which only fixed
leaks from repeated fsconfig() calls but not this error path.
Patch updated with minor change suggested by kernel test robot
The Linux kernel CVE team has assigned CVE-2025-68219 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.11 with commit 24e0a1eff9e2b9835a6e7c17039dfb6ecfd81f1f and fixed in 6.6.118 with commit 7627864dc3121f39e220f5253a227edf472de59e
Issue introduced in 5.11 with commit 24e0a1eff9e2b9835a6e7c17039dfb6ecfd81f1f and fixed in 6.12.60 with commit 48d69290270891f988e72edddd9688c20515421d
Issue introduced in 5.11 with commit 24e0a1eff9e2b9835a6e7c17039dfb6ecfd81f1f and fixed in 6.17.10 with commit 37010021d7e0341bb241ca00bcbae31f2c50b23f
Issue introduced in 5.11 with commit 24e0a1eff9e2b9835a6e7c17039dfb6ecfd81f1f and fixed in 6.18 with commit 7e4d9120cfa413dd34f4f434befc5dbe6c38b2e5
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-68219
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/smb/client/fs_context.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/7627864dc3121f39e220f5253a227edf472de59e
https://git.kernel.org/stable/c/48d69290270891f988e72edddd9688c20515421d
https://git.kernel.org/stable/c/37010021d7e0341bb241ca00bcbae31f2c50b23f
https://git.kernel.org/stable/c/7e4d9120cfa413dd34f4f434befc5dbe6c38b2e5
Powered by blists - more mailing lists