{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9640", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-08-29T03:11:20.482Z", "datePublished": "2025-10-15T12:47:29.871Z", "dateUpdated": "2025-11-04T21:15:22.611Z"}, "containers": {"cna": {"title": "Samba: vfs_streams_xattr uninitialized memory write possible", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba4", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-9640", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391698", "name": "RHBZ#2391698", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.samba.org/samba/history/security.html"}], "datePublic": "2025-10-15T12:45:48.855Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-908", "description": "Use of Uninitialized Resource", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-908: Use of Uninitialized Resource", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2025-08-29T03:11:02.720000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-10-15T12:45:48.855000+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-10-23T15:25:37.099Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-908", "lang": "en", "description": "CWE-908 Use of Uninitialized Resource"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-15T13:06:54.860646Z", "id": "CVE-2025-9640", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-15T13:07:50.362Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/10/15/2"}, {"url": "http://www.openwall.com/lists/oss-security/2025/10/16/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:15:22.611Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/10/15/2"}, {"url": "http://www.openwall.com/lists/oss-security/2025/10/16/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:15:22.611Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9640", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-15T13:06:54.860646Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-15T13:07:46.691Z"}}], "cna": {"title": "Samba: vfs_streams_xattr uninitialized memory write possible", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "samba", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "samba", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "samba4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "samba", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "samba", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "samba", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "rhcos", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-08-29T03:11:02.720000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-10-15T12:45:48.855000+00:00", "value": "Made public."}], "datePublic": "2025-10-15T12:45:48.855Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-9640", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391698", "name": "RHBZ#2391698", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.samba.org/samba/history/security.html"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-908", "description": "Use of Uninitialized Resource"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-10-23T15:25:37.099Z"}, "x_redhatCweChain": "CWE-908: Use of Uninitialized Resource"}}, "cveMetadata": {"cveId": "CVE-2025-9640", "state": "PUBLISHED", "dateUpdated": "2025-11-04T21:15:22.611Z", "dateReserved": "2025-08-29T03:11:20.482Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-10-15T12:47:29.871Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability."}], "id": "CVE-2025-9640", "lastModified": "2025-11-04T22:16:45.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-10-15T13:16:01.997", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-9640"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391698"}, {"source": "secalert@redhat.com", "url": "https://www.samba.org/samba/history/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/10/15/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/10/16/2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-908"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "samba: vfs_streams_xattr uninitialized memory write possible", "id": "2391698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391698"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "details": ["A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-9640", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-10-15T12:45:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-9640\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-9640\nhttps://www.samba.org/samba/history/security.html"], "statement": "This vulnerability is rated Low because its exploitation scope and potential impact are tightly constrained. Technically, the flaw only allows disclosure of uninitialized heap memory fragments, not direct control or corruption of memory. The attacker must already be an authenticated user with write access to files using the vfs_streams_xattr module, significantly reducing the attack surface. The exposed data is non-deterministic and contextually limited\u2014it consists of residual memory content that may or may not contain meaningful information, with no guarantee of retrieving sensitive secrets. Additionally, Samba already cleanses known secret buffers before freeing memory, further lowering the risk of credential or key exposure.", "threat_severity": "Important"}