How to fix CVE-2025-71151?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Linux Kernel affected by CVE-2025-71151?

CVE-2025-71151 presents moderate security risk rated CVSS 5.5. Exploitation could compromise the security of affected deployments. A patch is available and should be applied during regular vulnerability management.

CVE-2025-71151

MEDIUM

2026-01-23 416baaa9-dc9f-4396-8d5f-8c081fb06d67

5.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch Released

Feb 26, 2026 - 20:29 nvd

Patch available

CVE Published

Jan 23, 2026 - 15:16 nvd

MEDIUM 5.5

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak. Fix this by calling kfree_sensitive() on both password buffers before returning in this error case.

Analysis

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix memory and information leak in smb3_reconfigure()

In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. [CVSS 5.5 MEDIUM]

Technical Context

Classified as CWE-401 (Memory Leak). Affects Linux Kernel. In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix memory and information leak in smb3_reconfigure()

In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the

function returns immediately without freeing and erasing the newly

allocated new_password and new_password2. This causes both a memory leak

and a potential information leak.

Fix this by calling kfree_sensitive() on both password buffers before

returning in this error case.

Affected Products

Vendor: Linux. Product: Linux Kernel.

Remediation

A vendor patch is available — apply it immediately.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +28

POC: 0

Vendor Status

CVE-2025-71151 vulnerability details – vuln.today

Back

CVE-2025-71151

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-71151

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code