AZL-68936

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68936.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-68936

Upstream

CVE-2025-9640

Published

2025-10-15T13:16:01Z

Modified

2026-04-21T04:38:31.889094Z

Summary

CVE-2025-9640 affecting package samba 4.18.3-2

Details

A flaw was found in Samba, in the vfsstreamsxattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-9640

Affected packages

Azure Linux:3 / samba

Package

Name: samba
Purl: pkg:rpm/azure-linux/samba

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.18.3-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68936.json"