
From: Miaoqian Lin <linmq006@gmail.com> mainline inclusion from mainline-v6.15-rc1 commit 6171063e9d046ffa46f51579b2ca4a43caef581a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IC2CBV CVE: CVE-2025-38575 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed. Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Signed-off-by: Miaoqian Lin <linmq006@gmail.com> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Wang Zhaolong <wangzhaolong1@huawei.com> --- fs/smb/server/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/smb/server/auth.c b/fs/smb/server/auth.c index 58380a986af5..c3baf6537fad 100644 --- a/fs/smb/server/auth.c +++ b/fs/smb/server/auth.c @@ -1211,10 +1211,10 @@ int ksmbd_crypt_message(struct ksmbd_work *work, struct kvec *iov, free_iv: kfree(iv); free_sg: kfree(sg); free_req: - kfree(req); + aead_request_free(req); free_ctx: ksmbd_release_crypto_ctx(ctx); return rc; } -- 2.39.2
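Review bot: In the unwind path of ksmbd_crypt_message(), only the free_req label gets a zeroing free; the free_iv and free_sg labels directly above it still call kfree(iv) and kfree(sg). Since the commit message justifies the change by zeroing sensitive crypto data, it should say in one sentence why those two buffers are left alone (or switch them to kfree_sensitive() if they can hold anything secret), so a later reader does not assume they were overlooked. It would also help to state that the behavioural difference is limited to clearing the request memory before release, which makes the scope of the fix clear for anyone triaging the backport against the Fixes: commit.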