A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
History

Thu, 16 Oct 2025 00:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity: None | threat_severity: Important


Wed, 15 Oct 2025 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-908
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Oct 2025 13:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
Title Samba: vfs_streams_xattr uninitialized memory write possible
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-10-15T12:47:29.871Z

Updated: 2025-10-15T13:07:50.362Z

Reserved: 2025-08-29T03:11:20.482Z

Link: CVE-2025-9640

Vulnrichment

Updated: 2025-10-15T13:07:46.691Z

NVD

Status: Awaiting Analysis

Published: 2025-10-15T13:16:01.997

Modified: 2025-10-16T15:28:59.610

Link: CVE-2025-9640

Redhat

Severity: Important

Public Date: 2025-10-15T12:45:48Z

Links: CVE-2025-9640 - Bugzilla