cve 2025 40286
About this tag
CVE-2025-40286 is a kernel memory leak vulnerability in the Linux SMB server code (ksmbd) that was fixed upstream. The bug occurs when a read operation fails, potentially leaking kernel memory and leading to resource exhaustion over time. Administrators running Linux systems that act as SMB clients or servers should treat this as a reliability and resource-exhaustion patch and install the appropriate kernel updates as soon as practical. The vulnerability affects systems using the ksmbd implementation of the SMB protocol, which is commonly used for Windows file sharing in mixed environments.
A subtle kernel memory-management bug in the Linux SMB server code — tracked as CVE-2025-40286 — has been fixed upstream after maintainers closed a code path that could leak kernel memory when a read operation fails; administrators running Linux systems that act as SMB clients or servers should...