A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
History
Thu, 16 Oct 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | threat_severity | threat_severity |
Wed, 15 Oct 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-908 | |
Metrics | ssvc |
Wed, 15 Oct 2025 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability. | |
Title | Samba: vfs_streams_xattr uninitialized memory write possible | |
First Time appeared | Redhat, Redhat enterprise Linux, Redhat openshift | |
CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 | |
Vendors & Products | Redhat, Redhat enterprise Linux, Redhat openshift | |
References | | |
Metrics | cvssV3_1 |

Status: PUBLISHED
Assigner: redhat
Published: 2025-10-15T12:47:29.871Z
Updated: 2025-10-15T13:07:50.362Z
Reserved: 2025-08-29T03:11:20.482Z
Link: CVE-2025-9640

Updated: 2025-10-15T13:07:46.691Z

Status : Awaiting Analysis
Published: 2025-10-15T13:16:01.997
Modified: 2025-10-16T15:28:59.610
Link: CVE-2025-9640
