Samba vfs_streams_xattr Module Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in the Samba vfs_streams_xattr module, where uninitialized heap memory can be written into alternate data streams. This flaw allows authenticated users to access residual memory content that may contain sensitive information, leading to unauthorized information disclosure.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive information from memory.

Remediation

Users can upgrade to Samba versions 4.23.2, 4.22.5, or 4.21.9, all of which include the necessary fix for this vulnerability.
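The following exposure check is an added example, not code from this advisory or from the Samba project. It compares a version string (such as the output of `smbd --version`) against the fixed releases listed above and lists the smb.conf sections that load streams_xattr. It assumes branches newer than 4.23 carry the fix and reports branches older than 4.21 as unknown, since the advisory names no fixed release for them; the sample configuration is constructed.

```python
import re

# Fixed releases from the Remediation section, keyed by (major, minor) branch.
FIXED = {(4, 23): 2, (4, 22): 5, (4, 21): 9}

def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Version 4.22.3-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(x) for x in m.groups())

def has_fix(version):
    """True/False for listed branches; None when the advisory lists no fix for the branch."""
    major, minor, patch = version
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    if (major, minor) > max(FIXED):
        return True  # assumption: branches after 4.23 include the fix
    return None

def shares_with_streams_xattr(conf_text):
    """Return smb.conf section names whose 'vfs objects' list loads streams_xattr."""
    section, hits = "global", []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        # Parameter names ignore case and whitespace; 'vfs object' is a synonym.
        if sep and re.sub(r"\s+", "", key).lower() in ("vfsobjects", "vfsobject"):
            modules = [m.split(":")[0] for m in re.split(r"[\s,]+", value.strip())]
            if "streams_xattr" in modules:
                hits.append(section)
    return hits

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """
[global]
   workgroup = EXAMPLE
[projects]
   vfs objects = catia fruit streams_xattr
[scans]
   ; vfs objects = streams_xattr
"""

if __name__ == "__main__":
    v = parse_version("Version 4.22.3-Debian")  # constructed sample output
    print(v, "fixed:", has_fix(v), "sections:", shares_with_streams_xattr(SAMPLE_CONF))
```

Distribution packages may backport the fix without changing the upstream version number, so a `False` result on a vendor build should be confirmed against the vendor's own advisory.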

Added: Oct 15, 2025, 1:18 PM
Updated: Oct 15, 2025, 1:18 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.