CNNVD-202510-2166 Information

CNNVD ID

CNNVD-202510-2166

Related CVE

CVE-2025-9640

• CNNVD Published: 2025-10-15

Description (Chinese)

Samba是Samba开源的一个适用于 Linux 和 Unix 的标准 Windows 互操作性程序套件。 Samba存在安全漏洞，该漏洞源于vfs_streams_xattr模块未初始化堆内存，可能导致信息泄露。

Description (English)

Samba is a standard Windows interoperability suite for Linux and Unix, an open source of Samba. There is a security loophole in Samba, which stems from the uninitialized memory of the vfs streams xattr module, which could lead to the disclosure of information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Samba

Published

2025-10-15

Last Modified

2026-02-24

References

https://bugzilla.redhat.com/show_bug.cgi?id=2391698 https://access.redhat.com/security/cve/CVE-2025-9640 https://www.samba.org/samba/history/security.html https://vigilance.fr/vulnerability/Samba-out-of-bounds-memory-reading-via-vfs-streams-xattr-48499

Patch

https://www.samba.org/