CVE-2025-71153

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability exists in the Linux kernel's ksmbd module when vfs_getattr() fails in get_file_all_info(). This could lead to gradual memory exhaustion on systems using the ksmbd SMB server. Only Linux systems with ksmbd enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel with ksmbd module
Versions: Kernel versions containing vulnerable ksmbd code (specific commit range)
Operating Systems: Linux distributions with ksmbd enabled
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ksmbd SMB server module is loaded and in use. Not enabled by default in most distributions.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Sustained exploitation could cause kernel memory exhaustion leading to system instability, crashes, or denial of service.

🟠 Likely Case: Gradual memory consumption over time requiring system restart to recover, potentially causing service disruption.

🟢 If Mitigated: Minimal impact with proper monitoring and restart procedures in place.

🌐 Internet-Facing: LOW - Requires ksmbd service exposure and specific error conditions to trigger.
🏢 Internal Only: MEDIUM - Internal systems using ksmbd for file sharing could experience gradual degradation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires triggering vfs_getattr() failure in specific code path. No known exploitation in wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions that include commit 0c56693b06a68476ba113db6347e7897475f9e4c or later

Vendor Advisory: https://git.kernel.org/stable/c/0c56693b06a68476ba113db6347e7897475f9e4c

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution vendor.
2. Rebuild kernel if using custom build.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable ksmbd module

linux

Unload ksmbd module if not required for system functionality

sudo rmmod ksmbd
echo 'blacklist ksmbd' | sudo tee /etc/modprobe.d/ksmbd-blacklist.conf

🧯 If You Can't Patch

  • Monitor system memory usage and restart ksmbd service if memory consumption grows abnormally
  • Implement kernel memory usage monitoring with alerts for sustained growth
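
One way to implement the sustained-growth alert described above, as an added example that is not part of the original advisory. It assumes the leaked kernel allocations show up as growth in SUnreclaim in /proc/meminfo; the function names, the history file path, the 12-sample window and the 6-rise / 64 MiB thresholds are illustrative assumptions.

```shell
#!/bin/sh
# Added example: flag sustained growth of unreclaimable kernel slab memory
# while ksmbd is loaded. Names and thresholds are illustrative assumptions.

# Print SUnreclaim (kB) from a meminfo-format file (default /proc/meminfo).
sunreclaim_kb() {
    awk '$1 == "SUnreclaim:" { print $2; found = 1 } END { exit !found }' "${1:-/proc/meminfo}"
}

# Succeed if ksmbd appears in a /proc/modules-format file.
ksmbd_loaded() {
    grep -q '^ksmbd ' "${1:-/proc/modules}"
}

# sustained_growth MIN_RISES MIN_TOTAL_KB < samples
# Reads one kB sample per line, oldest first. Succeeds when the trailing run
# of strictly rising samples is at least MIN_RISES long and spans at least
# MIN_TOTAL_KB, i.e. steady growth rather than a single spike.
sustained_growth() {
    awk -v need="$1" -v min_kb="$2" '
        NR == 1              { base = $1 }
        NR > 1 && $1 > prev  { rises++ }
        NR > 1 && $1 <= prev { rises = 0; base = $1 }
                             { prev = $1 }
        END { exit !(rises >= need && prev - base >= min_kb) }
    '
}

# check_once HISTORY [MEMINFO] [MODULES]: append one sample, keep the last 12,
# and print an alert when ksmbd is loaded and the growth is sustained.
check_once() {
    hist=$1
    ksmbd_loaded "${3:-/proc/modules}" || return 1
    sunreclaim_kb "${2:-/proc/meminfo}" >> "$hist" || return 1
    tail -n 12 "$hist" > "$hist.tmp" && mv "$hist.tmp" "$hist"
    if sustained_growth 6 65536 < "$hist"; then
        echo "ALERT: SUnreclaim rose across 6+ samples with ksmbd loaded"
        return 0
    fi
    return 1
}

# Run one check, e.g. from cron every 10 minutes: script.sh --once
if [ "${1:-}" = "--once" ]; then
    check_once "${2:-/var/tmp/ksmbd-slab.hist}"
fi
```

Slab usage also grows under ordinary load, so an alert is a prompt to inspect the host, not proof of this leak.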

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: lsmod | grep ksmbd. If loaded, check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

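Verify kernel version includes fix commit: grep -q '0c56693b06a68476ba113db6347e7897475f9e4c' /proc/version_signature || echo 'Check kernel source'. Note that /proc/version_signature is present only on some distributions and holds a version string rather than commit IDs, so this command normally ends at 'Check kernel source'; confirm the fix through the distribution kernel's changelog or the source tree the kernel was built from.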

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • System memory exhaustion warnings
  • ksmbd service crashes

Network Indicators:

  • SMB connection failures to ksmbd service

SIEM Query:

source="kernel" AND ("oom" OR "out of memory") AND process="ksmbd"
