CVE-2025-40328

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb: client: fix potential UAF in smb2_close_cached_fid()<br /> <br /> find_or_create_cached_dir() could grab a new reference after kref_put()<br /> had seen the refcount drop to zero but before cfid_list_lock is acquired<br /> in smb2_close_cached_fid(), leading to use-after-free.<br /> <br /> Switch to kref_put_lock() so cfid_release() is called with<br /> cfid_list_lock held, closing that gap.