Acknowledged
Created: Dec 16, 2025
Updated: Dec 18, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

cifs: fix memory leak in smb3_fs_context_parse_param error path

Add proper cleanup of ctx->source and fc->source to the cifs_parse_mount_err error handler. This ensures that memory allocated for the source strings is correctly freed on all error paths, matching the cleanup already performed in the success path by smb3_cleanup_fs_context_contents().
Pointers are also set to NULL after freeing to prevent potential double-free issues.

This change fixes a memory leak originally detected by syzbot. The leak occurred when processing Opt_source mount options if an error happened after ctx->source and fc->source were successfully allocated but before the function completed.

The specific leak sequence was:
1. ctx->source = smb3_fs_context_fullpath(ctx, '/') allocates memory
2. fc->source = kstrdup(ctx->source, GFP_KERNEL) allocates more memory
3. A subsequent error jumps to cifs_parse_mount_err
4. The old error handler freed passwords but not the source strings, causing the memory to leak.

This issue was not addressed by commit e8c73eb7db0a ("cifs: client: fix memory leak in smb3_fs_context_parse_param"), which only fixed leaks from repeated fsconfig() calls but not this error path.

Patch updated with minor change suggested by kernel test robot
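
The four-step leak sequence above, modelled in userspace C as an added example (not the kernel patch or any code from the cifs tree). The model_* types, helper names and sample strings are hypothetical and constructed; an allocation counter stands in for a leak detector.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model, constructed for illustration: the model_* types and
 * function names are hypothetical, not the kernel's cifs code. */
static int live_allocs; /* allocations not yet freed */

static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}

static void free_str(char **p) {
    if (*p) { free(*p); live_allocs--; }
    *p = NULL; /* NULL after free, so a second cleanup pass is a no-op */
}

struct model_ctx { char *source; char *password; };
struct model_fc { char *source; };

/* fixed != 0 selects the handler that also releases both source strings. */
static int parse_source(struct model_ctx *ctx, struct model_fc *fc,
                        const char *path, int fail_later, int fixed) {
    if (!(ctx->source = dup_str(path))) goto err;       /* step 1 */
    if (!(fc->source = dup_str(ctx->source))) goto err; /* step 2 */
    if (fail_later) goto err;                           /* step 3 */
    return 0;
err:
    free_str(&ctx->password); /* step 4: all the old handler released */
    if (fixed) { free_str(&ctx->source); free_str(&fc->source); }
    return -1;
}

/* Allocations still outstanding once the error handler has returned. */
static int leaked_after_error(int fixed) {
    struct model_ctx ctx = {0};
    struct model_fc fc = {0};
    live_allocs = 0;
    ctx.password = dup_str("constructed-secret");
    parse_source(&ctx, &fc, "//server.example/share", 1, fixed);
    int outstanding = live_allocs;
    /* Tidy up the model itself; free_str is safe on already-NULL pointers. */
    free_str(&ctx.password); free_str(&ctx.source); free_str(&fc.source);
    return outstanding;
}

int main(void) {
    printf("old=%d fixed=%d\n", leaked_after_error(0), leaked_after_error(1));
    return 0;
}
```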