Login Sign Up

CVE-2025-39819

5.5 MEDIUM

📋 TL;DR

A reference counting bug in the Linux kernel's SMB client implementation could cause resource leaks when memory allocation fails during compound operations. This affects Linux systems using the SMB client functionality. The vulnerability could lead to kernel resource exhaustion under specific conditions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches available for multiple stable branches
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the SMB client functionality (smbfs/cifs). Servers acting as SMB clients are vulnerable.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel resource exhaustion leading to system instability, denial of service, or potential privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

Resource leaks causing gradual performance degradation or occasional system instability when SMB operations encounter memory allocation failures.

🟢

If Mitigated

Minimal impact with proper memory management and monitoring in place.

🌐 Internet-Facing: LOW - Requires SMB client operations and specific memory allocation failure conditions.
🏢 Internal Only: MEDIUM - Internal SMB clients could be affected during normal file operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific memory allocation failure conditions during SMB compound operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 3fc11ff13fbc, 4191ea1f0bb3, 4735f5991f51, ab529e6ca1f6, cc82c6dff548

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable SMB client functionality

Linux

Prevent use of vulnerable SMB client code by disabling smbfs/cifs modules

modprobe -r cifs
echo 'blacklist cifs' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Monitor system for memory/resource exhaustion indicators
  • Implement strict memory limits and restart services when thresholds exceeded

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if SMB client modules are loaded: lsmod | grep -i cifs

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the fix commits: uname -r and check git log

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Memory allocation failure logs
  • SMB client error messages

Network Indicators:

  • Increased SMB client retries
  • Unusual SMB protocol errors

SIEM Query:

source="kernel" AND ("ENOMEM" OR "cifs" OR "smb") AND ("allocation failed" OR "refcount")

📊 Metadata

CVE ID: CVE-2025-39819
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.02% exploit probability (2.7th percentile)
Published: September 16, 2025
Last Updated: January 16, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON