Acknowledged
Created: Sep 7, 2025
Updated: Feb 18, 2026
Resolved Date: Jan 28, 2026
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]ksmbd: fix refcount leak causing resource not released[EOL][EOL]When ksmbd_conn_releasing(opinfo->conn) returns true,the refcount was not[EOL]decremented properly, causing a refcount leak that prevents the count from[EOL]reaching zero and the memory from being released.
========Wind River Notice========
The CVE is that when ksmbd_conn_releasing(opinfo->conn) returns true, the refcount was not
decremented properly, causing a refcount leak that prevents the count from
reaching zero and the memory from being released. The CVE only happens in fs/smb/server/oplock.c in
the kernel samba server which is controlled by the config CONFIG_SMB_SERVER.
If CONFIG_SMB_SERVER is not set, the problem doesn't exist.
The mitigation is: Set CONFIG_SMB_SERVER=n in the kernel when build which is the default config in LTS23, and it doesn't impact the use on the userspace samba server.
