Incomplete Cleanup Affecting kernel-core package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CENTOS8-KERNELCORE-14258180
- published9 Dec 2025
- disclosed6 Dec 2025
Introduced: 6 Dec 2025
NewCVE-2025-40268 (opens in a new tab)How to fix?
There is no fixed version for Centos:8 kernel-core.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-core package and not the kernel-core package as distributed by Centos.
See How to fix? for Centos:8 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
cifs: client: fix memory leak in smb3_fs_context_parse_param
The user calls fsconfig twice, but when the program exits, free() only frees ctx->source for the second fsconfig, not the first. Regarding fc->source, there is no code in the fs context related to its memory reclamation.
To fix this memory leak, release the source memory corresponding to ctx or fc before each parsing.
syzbot reported: BUG: memory leak unreferenced object 0xffff888128afa360 (size 96): backtrace (crc 79c9c7ba): kstrdup+0x3c/0x80 mm/util.c:84 smb3_fs_context_parse_param+0x229b/0x36c0 fs/smb/client/fs_context.c:1444
BUG: memory leak unreferenced object 0xffff888112c7d900 (size 96): backtrace (crc 79c9c7ba): smb3_fs_context_fullpath+0x70/0x1b0 fs/smb/client/fs_context.c:629 smb3_fs_context_parse_param+0x2266/0x36c0 fs/smb/client/fs_context.c:1438
References
- https://access.redhat.com/security/cve/CVE-2025-40268
- https://git.kernel.org/stable/c/4515743cc7a42e1d67468402a6420c195532a6fa
- https://git.kernel.org/stable/c/48c17341577e25a22feb13d694374b61d974edbc
- https://git.kernel.org/stable/c/868fc62811d3fabcf5685e14f36377a855d5412d
- https://git.kernel.org/stable/c/e8c73eb7db0a498cd4b22d2819e6ab1a6f506bd6