CVE-2025-39929
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's SMB client implementation. When SMB Direct negotiation fails, the kernel fails to properly clean up allocated memory, leading to resource exhaustion over time. This affects all Linux systems using the SMB client with SMB Direct enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could cause kernel memory exhaustion leading to system instability, denial of service, or potential kernel panic.
Likely Case
Gradual memory consumption causing performance degradation and eventual system instability requiring reboot.
If Mitigated
Minimal impact with proper monitoring and memory limits in place.
🎯 Exploit Status
Requires ability to trigger SMB Direct negotiation failures, which typically requires network access to SMB servers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commit hashes provided in references
Vendor Advisory: https://git.kernel.org/stable/c/0991418bf98f191d0c320bd25245fcffa1998c7e
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable SMB Direct
linuxPrevent use of SMB Direct (RDMA) for SMB connections
echo 'options cifs rdma=0' > /etc/modprobe.d/cifs-disable-rdma.conf
reboot
🧯 If You Can't Patch
- Disable SMB Direct functionality completely
- Implement strict network controls to limit SMB connections to trusted servers only
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if SMB Direct is enabled in cifs module parametersCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and check for memory leak patterns in /proc/meminfo over time📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Increasing memory usage in system logs
- SMB connection failure logs
Network Indicators:
- SMB Direct (RDMA) connection attempts
- SMB negotiation failures
SIEM Query:
source="kernel" AND ("oom" OR "out of memory" OR "slab")🔗 References
- https://git.kernel.org/stable/c/0991418bf98f191d0c320bd25245fcffa1998c7e
- https://git.kernel.org/stable/c/3d7c075c878ac844e33c43e506c2fa27ac7e9689
- https://git.kernel.org/stable/c/922338efaad63cfe30d459dfc59f9d69ff93ded4
- https://git.kernel.org/stable/c/daac51c7032036a0ca5f1aa419ad1b0471d1c6e0
- https://git.kernel.org/stable/c/e7b7a93879558e77d950f1ff9a6f3daa385b33df
