← voltar
CVE-2025-9640

Samba: vfs_streams_xattr uninitialized memory write possible

CVSS 4.3 MEDIUMEPSS 0.4%CWE-908
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
15 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
sambaRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat In-Vehicle Operating System 1Red Hat · Red Hat OpenShift Container Platform 4

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/security/cve/CVE-2025-9640https://bugzilla.redhat.com/show_bug.cgi?id=2391698https://lists.debian.org/debian-lts-announce/2025/11/msg00027.htmlhttps://www.samba.org/samba/history/security.htmlhttp://www.openwall.com/lists/oss-security/2025/10/15/2http://www.openwall.com/lists/oss-security/2025/10/16/2