Samba: vfs_streams_xattr uninitialized memory write possible_CVE-2025-9640

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.

Basic Information

ID CVE-2025-9640

Source redhat

Published Oct 15, 2025 at 12:47

Modified Oct 15, 2025 at 13:07

Affected Product

Vendor Red Hat

Product Red Hat Enterprise Linux 10

CWE Classification

CWE-908

References

{
    "lastseen": "",
    "description": "A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.",
    "published": "2025-10-15T12:47:29.871Z",
    "modified": "2025-10-15T13:07:50.362Z",
    "type": "cve",
    "title": "Samba: vfs_streams_xattr uninitialized memory write possible",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2025-9640\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2391698\nhttps://www.samba.org/samba/history/security.html",
    "id": "CVE-2025-9640",
    "bulletinFamily": "",
    "cwe": [
        "CWE-908"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Red Hat Enterprise Linux 10",
    "version": "",
    "vendor": "Red Hat",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}