CVE-2025-37954

smb: client: Avoid race in open_cached_dir with lease breaks

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir might race with a lease break, meaning open_cached_dir doesn't consider it valid, and thinks it's newly-constructed. This leaks a dentry reference if the allocation occurs before the queued lease break work runs. Avoid the race by extending holding the cfid_list_lock across find_or_create_cached_dir and when the result is checked.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/2ed98e89ebc2e1bc73534dc3c18cb7843a889ff9
https://git.kernel.org/stable/c/571dcf3d27b24800c171aea7b5e04ff06d10e2e9
https://git.kernel.org/stable/c/2407265dc32bc8cc45b62a612c2a214ba9038e8b
https://git.kernel.org/stable/c/3ca02e63edccb78ef3659bebc68579c7224a6ca2

Frequently Asked Questions

What is the severity of CVE-2025-37954?
CVE-2025-37954 has not yet been assigned a CVSS score.
How to fix CVE-2025-37954?
To fix CVE-2025-37954, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37954 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37954 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37954?
CVE-2025-37954 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.