Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A double free vulnerability has been identified in the Linux kernel's CIFS client, specifically within the handling of TCP server information. This issue arises when the server is shutting down while the CIFS thread is still reconnecting to multiple DFS targets. As a result, the server's hostname cannot be properly freed, leading to a memory management error. The vulnerability has been addressed in the official Linux Git repository.
Exploitation of this vulnerability can lead to a double free memory error, which may cause memory corruption and potentially allow for arbitrary code execution.