5.5

CVE-2025-21748

ksmbd: fix integer overflows on 32 bit systems

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix integer overflows on 32 bit systems

On 32bit systems the addition operations in ipc_msg_alloc() can
potentially overflow leading to memory corruption.
Add bounds checking using KSMBD_IPC_MAX_PAYLOAD to avoid overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 6.1.129
LinuxLinux Kernel Version >= 6.2 < 6.6.78
LinuxLinux Kernel Version >= 6.7 < 6.12.14
LinuxLinux Kernel Version >= 6.13 < 6.13.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.11
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/760568c1f62ea874e8fb492f9cfa4f47b4b8391e
Patch
https://git.kernel.org/stable/c/82f59d64e6297f270311b16b5dcf65be406d1ea3
Patch
https://git.kernel.org/stable/c/aab98e2dbd648510f8f51b83fbf4721206ccae45
Patch
https://git.kernel.org/stable/c/b4b902737746c490258de5cb55cab39e79927a67
Patch
https://git.kernel.org/stable/c/ecb9947fa7c99a77b04d43404c6988a0d326e4a0
Patch
https://git.kernel.org/stable/c/f3b9fb2764591d792d160f375851013665a9e820
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html