SB2025012164 - Buffer overflow in Linux kernel smb server
Published: January 21, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025012164
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2025-21660)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ksmbd_vfs_kern_path_locked() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/13e41c58c74baa71f34c0830eaa3c29d53a6e964
- https://git.kernel.org/stable/c/2ac538e40278a2c0c051cca81bcaafc547d61372
- https://git.kernel.org/stable/c/51669f4af5f7959565b48e55691ba92fabf5c587
- https://git.kernel.org/stable/c/65b31b9d992c0fb0685c51a0cf09993832734fc4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.72