CVE-2025-37954: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37954 affects the Linux kernel's SMB client implementation, specifically involving a race condition in the opencacheddir functionality with lease breaks. The vulnerability was discovered and disclosed on May 20, 2025. The issue occurs when a pre-existing valid cfid returned from findorcreatecacheddir races with a lease break, causing opencacheddir to incorrectly consider it invalid and treat it as newly-constructed (NVD Database, Wiz Report).

The vulnerability manifests as a race condition where a pre-existing valid cfid returned from findorcreatecacheddir might race with a lease break. This causes opencacheddir to incorrectly consider it invalid and treat it as newly-constructed. The technical impact occurs when the allocation takes place before the queued lease break work executes, resulting in a leaked dentry reference. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Red Hat).

The primary impact of this vulnerability is a memory leak in the Linux kernel, specifically leaking a dentry reference under certain conditions. This occurs when the allocation takes place before the queued lease break work executes (Wiz Report).

The vulnerability has been resolved in the Linux kernel by extending the holding of cfidlistlock across findorcreatecacheddir and when the result is checked. This modification prevents the race condition between the lease break and the directory caching operation (NVD Database).

Multiple Linux distributions have responded to this vulnerability. Red Hat has marked it as 'Fix deferred' for Red Hat Enterprise Linux 9 and 10, while versions 6, 7, and 8 are not affected. Ubuntu has classified it as 'Severity MEDIUM' across versions 16.04 through 25.04, with fixes pending (Wiz Report).