CVE-2025-39819

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/09/2025
Last modified: 16/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

fs/smb: Fix inconsistent refcnt update

A possible inconsistent update of refcount was identified in `smb2_compound_op`. Such inconsistent update could lead to possible resource leaks.

Why it is a possible bug:
1. In the comment section of the function, it clearly states that the reference to `cfile` should be dropped after calling this function.
2. Every control flow path would check and drop the reference to `cfile`, except the patched one.
3. Existing callers would not handle refcount update of `cfile` if -ENOMEM is returned.

To fix the bug, an extra goto label "out" is added, to make sure that the cleanup logic would always be respected. As the problem is caused by the allocation failure of `vars`, the cleanup logic between label "finished" and "out" can be safely ignored. According to the definition of function `is_replayable_error`, the error code of "-ENOMEM" is not recoverable. Therefore, the replay logic also gets ignored.
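
The pattern described above, as an added user-space model (not the kernel's code and not taken from the patch): a function that consumes its caller's reference must drop it on every exit, including the allocation-failure path. The names `cfile_model`, `cfile_put`, `alloc_vars`, `compound_op_before`, `compound_op_after` and `refs_left` are hypothetical, and `force_fail` is a constructed switch that simulates the failed allocation of `vars`.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the refcounted cfile handle. */
struct cfile_model { int refcount; };
static void cfile_put(struct cfile_model *cfile) { cfile->refcount--; }

/* Constructed allocator: force_fail simulates the failed allocation of vars. */
static void *alloc_vars(int force_fail) { return force_fail ? NULL : calloc(1, 64); }

/* Before: the contract is "reference to cfile is dropped by this function",
 * but the -ENOMEM path returns without honouring it. */
int compound_op_before(struct cfile_model *cfile, int force_fail)
{
    void *vars = alloc_vars(force_fail);
    if (!vars)
        return -ENOMEM;        /* early return skips the put: reference leaks */
    free(vars);                /* stands in for the work and cleanup that need vars */
    if (cfile)
        cfile_put(cfile);
    return 0;
}

/* After: the failure path jumps to "out", so the put always runs; the
 * vars-dependent cleanup above the label is skipped because vars is NULL. */
int compound_op_after(struct cfile_model *cfile, int force_fail)
{
    int rc = 0;
    void *vars = alloc_vars(force_fail);
    if (!vars) {
        rc = -ENOMEM;
        goto out;
    }
    free(vars);
out:
    if (cfile)
        cfile_put(cfile);
    return rc;
}

/* Hold one reference, run op, report how many references remain. */
int refs_left(int (*op)(struct cfile_model *, int), int force_fail)
{
    struct cfile_model f = { .refcount = 1 };
    op(&f, force_fail);
    return f.refcount;
}

int main(void)
{
    printf("refs left on ENOMEM: before=%d after=%d\n",
           refs_left(compound_op_before, 1), refs_left(compound_op_after, 1));
    return 0;
}
```

A non-zero count left after the call is the leak: the caller assumes the callee consumed the reference and never drops it itself.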

Impact