Linux Kernel ksmbd Reference Count Leak Vulnerability in smb_check_perm_dacl

Vulnerability

A reference count leak vulnerability has been identified in the Linux kernel's ksmbd component, specifically within the smb_check_perm_dacl() function. The issue arises when the 'id' and 'uid' values are identical, causing the function to exit the loop without properly decrementing the reference count of the 'posix_acls' object. This object’s reference count is initially increased by the get_acl() function, leading to potential memory leaks. The vulnerability has been addressed by ensuring the reference count of 'posix_acls' is decreased before the function exits the loop.

Impact

Exploitation of this vulnerability can lead to memory leaks, causing increased memory usage and potentially degrading system performance over time.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ksmbd Reference Count Leak Vulnerability in smb_check_perm_dacl

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating