CVE-2025-39720 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix refcount leak causing resource not released When ksmbd_conn_releasing(opinfo->conn) returns true,the refcount was not decremented properly, causing a refcount leak that prevents the count from reaching zero and the memory from being released.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/36e010bb865fbaa1202fe9bcce3fd486d6db7606
https://git.kernel.org/stable/c/89bb430f621124af39bb31763c4a8b504c9651e2
https://git.kernel.org/stable/c/9a7abce6e8c0e2145b346a6d4abf0d9655e9b0e8
https://git.kernel.org/stable/c/a1d2bab4d53368a526c97aba92671dd71814f95a
https://lore.kernel.org/linux-cve-announce/2025090551-CVE-2025-39720-3cbf@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-39720
https://www.cve.org/CVERecord?id=CVE-2025-39720

History

Sun, 07 Sep 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Sat, 06 Sep 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025090551-CVE-2025-39720-3cbf@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-39720 https://www.cve.org/CVERecord?id=CVE-2025-39720
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 05 Sep 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix refcount leak causing resource not released When ksmbd_conn_releasing(opinfo->conn) returns true,the refcount was not decremented properly, causing a refcount leak that prevents the count from reaching zero and the memory from being released.
Title		ksmbd: fix refcount leak causing resource not released
References		https://git.kernel.org/stable/c/36e010bb865fbaa1202fe9bcce3fd486d6db7606 https://git.kernel.org/stable/c/89bb430f621124af39bb31763c4a8b504c9651e2 https://git.kernel.org/stable/c/9a7abce6e8c0e2145b346a6d4abf0d9655e9b0e8 https://git.kernel.org/stable/c/a1d2bab4d53368a526c97aba92671dd71814f95a

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-05T17:21:28.060Z

Updated: 2025-09-08T15:21:58.155Z

Reserved: 2025-04-16T07:20:57.117Z

Link: CVE-2025-39720

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-09-05T18:15:49.643

Modified: 2025-09-08T16:25:38.810

Link: CVE-2025-39720

Redhat

Severity : Moderate

Publid Date: 2025-09-05T00:00:00Z

Links: CVE-2025-39720 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object