CVE-2025-40103

Advisory lineage Upstream: 0 Downstream: 34

Downstream

DEBIAN-CVE-2025-40103 DLA-4379-1 DSA-6053-1 MGASA-2025-0309 MGASA-2025-0310 OPENSUSE-SU-2025:15702-1

Deferred

Published: 30 Oct 2025, 09:48

Last modified:11 May 2026, 21:42

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

0.09% LOW

0% probability +0.05%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 Oct 2025, 09:48

Published

Vulnerability first disclosed

11 May 2026, 21:42

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successful calls to `cifs_sb_tlink()`. Three calls fail to update refcount accordingly, leading to possible resource leaks.

EPSS Trends

Current EPSS score: 0.09%• Percentile: 25%

Affected Systems

linux•linux
≥ 8ceb984379462f94bdebef3288d569c6e1f912ea, < d3c8ea197055c260119a13360e8202a27e53e1e4 | ≥ 8ceb984379462f94bdebef3288d569c6e1f912ea, < 790282abe9d805f08618c1c24ea2529e7259b692 | ≥ 8ceb984379462f94bdebef3288d569c6e1f912ea, < d7dd034c14928306db1b46be277ae439b84dacf9 | ≥ 8ceb984379462f94bdebef3288d569c6e1f912ea, < e15605b68b490186da2ad8029c0351a9cfb0b9af | ≥ 8ceb984379462f94bdebef3288d569c6e1f912ea, < 896bb31e1416f582503db1350cf1bd10dc64e5a6 | ≥ 8ceb984379462f94bdebef3288d569c6e1f912ea, < c2b77f42205ef485a647f62082c442c1cd69d3fc | 3.7